Canada, U.S. governments issue advisory for Firefox security flaw, urge update

Firefox 72.0.1 patches the vulnerability, so you should update right away

A new Firefox update just rolled out, but you’ll want to check for updates again.

Mozilla has pushed out another update to patch a critical vulnerability in the desktop browser, and the company is urging users to upgrade as soon as possible.

However, Mozilla isn’t alone in the warning; the Canadian and U.S. governments have issued advisories about the flaw as well.

The Canadian Centre for Cyber Security posted an advisory noting that Mozilla released Firefox version 72.0.1 (or ESR 68.4.1 for some enterprise users), which addresses a critical ‘type confusion vulnerability.’ That vulnerability, according to the advisory, may allow for ‘out-of-bounds memory access’ that could lead to the execution of arbitrary code.

Further, the advisory states that Mozilla has detected that the vulnerability was exploited. It urges users and system administrators to review Mozilla’s security advisory and apply the necessary updates. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) echoed the concern in its advisory. CISA also warned that the exploit could allow attackers to take control of an affected system.

The Next Web reports that Chinese cybersecurity firm Qihoo 360 disclosed the zero-day exploit. Despite Mozilla acknowledging that attackers have exploited the vulnerability, it didn’t explain how attackers were doing so.

Unfortunately, Mozilla has had to deal with several exploits uncovered in Firefox this year. The Next Web notes that this is the third zero-day vulnerability in Firefox this year. Further, in November, the company rushed to patch a Firefox flaw that allowed attackers to lock up the browser with a frightening message that could be used to defraud users.

If you’re a Firefox user, you should definitely update your browser right away. The patch is available through version 72.0.1, or ESR 68.4.1 for some enterprise users. To update, click the three-line menu button in the top right corner of the browser, then click ‘Help’ > ‘About Firefox.’ That should open a window that will tell you which Firefox version you’re running and give you an option to restart the browser to apply the latest update.

Source: The Next Web