Please patch Firefox now to fix this zero-day security flaw

Please patch Firefox now to fix this zero-day security flaw

If you're using Mozilla Firefox, stop what you're doing and check to see if you have version 72.0.1 of this popular web browser, or 68.4.1 if you're using an Extended Support Release (ESR) build.

A few days after releasing Firefox 72 and Firefox ESR 68.4, Mozilla learned that researchers at Qihoo 360 had discovered a serious security flaw.

Mozilla stated in an advisory posted yesterday (January 8) that indeed it has already happened: "We are aware of a targeted attack that exploited this flaw.

Mozilla doesn't say much else, except that this is related to an error in Firefox's just-in-time JavaScript code compiler; John E. Dunn of Sophos' Naked Security blog has a good idea of what that means useful deep dive.

Also important is what Mozilla left out of this security advisory. (Compare that to the two previous Mozilla security advisories, which both specified Windows.) Until we know otherwise, we must assume that this flaw affects Windows, macOS, or Linux.

To check your Firefox version, go to Help --> About Firefox on Windows or Firefox --> About Firefox on Mac. Many instances of Firefox are automatically updated, so if you started it this morning, it may already have version 72.0.1 or ESR 68.4.1.

If not, you can check for updates by checking the version number.

Categories