If you use Mozilla Firefox’s web browser, you’ll want to drop what you are doing right now and update it. That urging doesn’t just come from Mozilla—it comes from the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
The issue is this: Firefox versions for desktop older than the just-patched version contain a critical vulnerability that could allow an attacker to take control of a user’s entire operating system—whether they use Windows or Mac. More alarming, the vulnerability is already being exploited in the wild, thus Homeland Security stepping in with the urgent plea for users to upgrade.
From CISA’s warning:
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.
Mozilla itself says: “We are aware of targeted attacks in the wild abusing this flaw.”
To upgrade your Firefox browser:
On a Mac: launch Firefox and click About > Firefox and click the “Restart to update Firefox” button.
On a PC: launch Firefox and go under either Options > Firefox Updates or Options > Advanced > Update to update Firefox.
The version you want to be running (ie: that is safe from the vulnerability) is Firefox 72.0.1 and Firefox ESR 68.4.1 or higher. Firefox browsers for mobile devices are not known to be affected.