If you use the Mozilla Firefox web browser, the government recommends that you update the browser because of a zero-day vulnerability that could enable hackers to take control of your computer.
The United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is encouraging those with the Firefox browser to update to versions 72.0.1 and ESR 68.4.1.
“Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild,” CISA’s statement published on Wednesday reads.
Mozilla is aware of the vulnerability and issued a fix for it in the latest update version on Wednesday, January 8. The zero-day vulnerability (CVE-2019-17026) was labeled by the company as “critical” and could have allowed potential hackers an open door to access people’s browsers and computers. The company said that hackers actively engaging in “targeted attacks” against the exploit, meaning you could be at serious risk if you don’t update your browser as soon as possible.
Mozilla said that Chinese cybersecurity firm Qihoo 360 found and reported the vulnerability to the company.
According to Forbes, a zero-day vulnerability means “a security vulnerability that is not known to the product vendor or security researchers but, crucially, is known to threat actors who can then exploit it.”
How to update Firefox
Updating your Firefox browser to protect you from this vulnerability is simple:
- Go to your browser’s menu bar and click About Firefox.
- A new window will open and will begin to check for any updates, downloading them automatically.
- Once the download is complete, be sure to click Restart to update Firefox to make sure you are using the latest version (72.0.1).
Despite this vulnerability, Firefox is a close runner-up to Google Chrome for Digital Trends’ pick for the best web browser. Firefox is more privacy-centric than Chrome and is comparably fast.
Firefox has made recent updates in the last month that include better privacy protections with anti-tracker support, improved password syncing across devices, and integrated breach alerts.
In November, Firefox also made an update in Firefox 70 that allows you to hide notification permission pop-ups that can get annoying.
Digital Trends reached out to Mozilla to find out more about the vulnerability, and what could have caused it. We will update this story once we hear back.
- Here’s why you need to update your Google Chrome right now
- Firefox browser now disables plugin support, prevents fake 'secure' cookies
- U.S. government can now sue companies that fail to protect customer data