DHS Issues Rare Warning to Firefox Users: Update Your Browser Immediately
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.
By default, Firefox will update automatically, but you can always do a manual update. Manual updates will still let Firefox download an update, but it won’t install it until you restart Firefox. Here’s how to set it up:
- On the menu bar click the Firefox menu and select About Firefox.
- The About Firefox window will open. Firefox will begin checking for updates and downloading them automatically.
- When the download is complete, click “Restart to update Firefox.”
From the DHS Cybersecurity and Infrastructure Security Agency’s warning:
- Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
- The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.
Browser vulnerabilities are a hot commodity in security circles as they can be used to infect vulnerable computers — often silently and without the user noticing — and be used to deliver malware or ransomware. Browsers are also a target for nation states and governments and their use of surveillance tools, known as network investigative techniques — or NITs. These vulnerability-exploiting tools have been used by federal agents to spy on and catch criminals. But these tools have drawn ire from the security community because the feds’ failure to disclose the bugs to the software makers could result in bad actors exploiting the same vulnerabilities for malicious purposes.