The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a statement on Jan. 8 urging Firefox users to update their browser to address certain vulnerabilities that have already been exploited.
“Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild,” said the announcement from CISA.
CISA is encouraging users and administrators to review the Mozilla Security Advisories for Firefox 72.0.1, Firefox ESR 68.4.1, and Thunderbird 68.4.1 and apply the necessary updates.
According to Fast Company, the problem is that versions of the Firefox desktop browser older than the recently revised version contain a critical vulnerability that could allow an attacker to take control of a user’s entire operating system, whether they use Windows or Mac.
Apparently this vulnerability is already being exploited, so CISA is urging users to update their browsers promptly.
Firefox browsers for mobile devices are not known to be affected by this vulnerability.
Mozilla admits, “We are aware of targeted attacks in the area that abuse this flaw.”
Steps to upgrade your Firefox browser
On a Mac: Start Firefox and click About > Firefox and click the “Restart to Refresh Firefox” button.
On a Windows PC: Start Firefox and go to Options > Firefox Updates or Options > Advanced > Update to update Firefox.
The version you want to run (the one that is safe from the vulnerability) is Firefox 72.0.1 or Firefox ESR 68.4.1, or higher.
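For administrators checking many machines, the version rule above can be scripted. The following is an added example, not code from Mozilla or CISA. It assumes version banners in the form printed by firefox --version (for example "Mozilla Firefox 72.0.1", with "esr" appended on ESR builds), and its function names and sample lines are constructed for illustration. Release and ESR builds are compared against their own fixed version, because a release build such as 70.0.1 is numerically above 68.4.1 yet still unpatched.

```python
import re

# Fixed versions named in the article; anything older is treated as unpatched.
FIXED = {
    "firefox": (72, 0, 1),
    "firefox-esr": (68, 4, 1),
    "thunderbird": (68, 4, 1),
}

# Assumed banner format: "Mozilla Firefox 72.0.1", "Mozilla Firefox 68.4.1esr",
# "Thunderbird 68.4.1".
_VERSION_RE = re.compile(
    r"\b(Firefox|Thunderbird)\s+(\d+(?:\.\d+){0,2})(esr)?", re.IGNORECASE)


def parse_version_line(line):
    """Return (product, (major, minor, patch)) from a banner, or None."""
    m = _VERSION_RE.search(line)
    if not m:
        return None
    name, number, esr = m.group(1).lower(), m.group(2), m.group(3)
    # ESR has its own fixed version, so track it as a separate product.
    product = "firefox-esr" if (name == "firefox" and esr) else name
    parts = [int(p) for p in number.split(".")]
    parts += [0] * (3 - len(parts))  # pad "72.0" to (72, 0, 0)
    return product, tuple(parts)


def is_patched(line):
    """True if at or above the fixed version, False if older, None if unparseable."""
    parsed = parse_version_line(line)
    if parsed is None:
        return None
    product, version = parsed
    return version >= FIXED[product]


if __name__ == "__main__":
    # Constructed sample banners, e.g. as collected from an inventory tool.
    samples = [
        "Mozilla Firefox 72.0.1",
        "Mozilla Firefox 70.0.1",
        "Mozilla Firefox 68.4.1esr",
        "Mozilla Firefox 68.3.0esr",
        "Thunderbird 68.4.1",
    ]
    for banner in samples:
        status = {True: "patched", False: "UPDATE NEEDED", None: "unknown"}
        print(f"{banner:30} {status[is_patched(banner)]}")
```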