Firefox users urged to update their browser against a zero-day flaw

19 Jun 2019

Image: dimarik/Depositphotos

Hackers are reportedly exploiting a zero-day flaw in Mozilla’s Firefox web browser.

Mozilla, maker of the Firefox web browser, has released an emergency patch to counter a zero-day flaw in the browser that is actively being exploited in the wild.

The vulnerability can cause an “exploitable crash” of the browser, according to Mozilla. “We are aware of targeted attacks in the wild abusing this flaw,” Mozilla warned.

Firefox currently accounts for about 5pc of the world’s browser market share, according to StatCounter.

Targeted crypto attacks

The bug was spotted by Samuel Groß, a member Google’s Project Zero security research division and the Coinbase Security team, leading to speculation that attacks are targeting cryptocurrency owners.

On Twitter, Groß responded to news of Mozilla’s update explaining: “I don’t have any insights into the active exploitation part.”

Groß, who said that he first reported the bug on 15 April, added: “The bug can be exploited for RCE but would then need a separate sandbox escape. However, most likely it can also be exploited for UXSS which might be enough depending on the attacker’s goals.”

A critical fix was issued yesterday (18 June) and Firefox version 67.0.3 and Firefox ESR 60.7.1 are the latest recommended browser versions.

How to update Firefox

It’s best practice to keep your browser up to date against any known security threats.

For Mac users, simply open Firefox, click ‘Firefox’ in the menu bar and then ‘About Firefox’. The resulting information window will give you the details on which version of Firefox you’re running and will also include a button that reads ‘Restart to update Firefox’ if necessary.

For Windows users, open Firefox and click the menu icon. Click ‘Help’ and then ‘About Firefox’. Once again, an information window will display the current Firefox version and include a button to ‘Check for updates’. After a check is initiated, the button will change to allow you to update the version, then ‘Apply update’. This will provide more information on the update and allow users to progress with downloading and installing it.

If Firefox is up to date, following the above steps to find the browser information will let you know that the browser is up to date.

Alternatively, visit the Mozilla website to directly download the latest version.

Firefox browser icon on Mac computer. Image: dimarik/Depositphotos

Elaine Burke is the host of For Tech’s Sake, a co-production from Silicon Republic and The HeadStuff Podcast Network. She was previously the editor of Silicon Republic.

editorial@siliconrepublic.com