Use Firefox? Update now, as you may be vulnerable to a major flaw

If you’re not running Firefox version 67.0.3 or Firefox ESR 60.7.1, it’s time to update. Right now.

Why the urgency? Firefox maker Mozilla is warning users that their browser has a zero-day security flaw that is being actively exploited by internet bad eggs. To counteract that, Mozilla has pushed out an emergency patch to keep you protected  If you want to go and update now, right now, we won’t hold it against you.

How do you update? First step would be to restart your browser. However, you may need to click the icon on the top right corner of the screen and type Update into the search box. From there, mash the “restart to update Firefox button” and restart again.

Related: Best VPN 2019

Get it right, and you’ll see a “Congrats! You’re using the latest version of Firefox.” page. Mozilla has a nice guide to updating Firefox if anything isn’t working right.

The issue is a type confusion vulnerability. Type confusion vulnerabilities occur when a piece of code doesn’t verify the type of object that is passed to it, before going on to use it blindly without type-checking it.

In this case, this type confusion vuln could occur manipulating JavaScript objects due to issues in Array pop. Mozilla say that this can lead to an exploitable crash, and bad actors are actively abusing this right now.  It’s unclear what benefit this could provide to those using this flaw maliciously, but generally anyone trying to mess with your computer via the internet is bad news.

ZDNet, who broke the news, reckon it could be something to do with stealing cryptocurrency, based on the security researcher who discovered the bug, who works for one of Google’s own security research teams and also that of the cryptocurrency marketplace Coinbase. 

So… do make sure you update!