Monday , September 21 2020
Home / Security / This Firefox vulnerability is so bad, the U.S. government is urging users to patch it immediately

Seriously, go update your browser before you even read this.

This Firefox vulnerability is so bad, the U.S. government is urging users to patch it immediately

By

Staff Writer,

PCWorld |

We’re just 10 days into 2020, and already we have our first critical security flaw. It comes from Mozilla’s popular Firefox browser, and it’s so dangerous, the Homeland Security Cybersecurity and Infrastructure Security Agency is warning users about it.

The good news is that it’s already been patched. The bad news is that it’s already being exploited in the wild. And it’s about as bad as it can get. In technical terms, as Mozilla explains, “Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. That means that an attacker could exploit the Javascript code to surreptitiously hack a user’s PC and install malicious code outside of Firefox. Mozila says it is “aware of targeted attacks in the wild abusing this flaw,” but doesn’t give any information about how widespread the attacks are.

The Department of Homeland Security echoed that warning and urged users to “apply the necessary updates.” The government regularly tracks malware and vulnerabilities, but rarely do consumer apps rise to the level of a cyber alert.

The bug was first detected by Chinese security company Qihoo 360 just two days after the initial update was released, according to TechCrunch. The vulnerability is patched in Firefox 72.0.1 and Firefox Extended Support Release (ESR) 68.4.1. Firefox should check for updates immediately upon launch, but if you’ve disabled that setting, you can update your browser in the General tab inside settings.

This story, “This Firefox vulnerability is so bad, the U.S. government is urging users to patch it immediately” was originally published by

PCWorld.

Michael Simon covers all things mobile for PCWorld and Macworld. You can usually find him with his nose buried in a screen. The best way to yell at him is on Twitter.

Copyright © 2020 IDG Communications, Inc.

This Article was first published on itnews.com

About IT News Ug

Check Also

IT snapshot: Ethnic diversity in the tech industry

As Black Lives Matter marches take place across the world, where do the U.S., U.K. and other major Western countries stand in their IT diversity?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

//graizoah.com/afu.php?zoneid=2572107