large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Use Firefox? Update now, as you may be vulnerable to a major flaw

If you’re not running Firefox version 67.0.3 or Firefox ESR 60.7.1, it’s time to update. Right now.

Why the urgency? Firefox maker Mozilla is warning users that their browser has a zero-day security flaw that is being actively exploited by internet bad eggs. To counteract that, Mozilla has pushed out an emergency patch to keep you protected  If you want to go and update now, right now, we won’t hold it against you.

How do you update? First step would be to restart your browser. However, you may need to click the icon on the top right corner of the screen and type Update into the search box. From there, mash the “restart to update Firefox button” and restart again.

Related: Best VPN 2019

Get it right, and you’ll see a “Congrats! You’re using the latest version of Firefox.” page. Mozilla has a nice guide to updating Firefox if anything isn’t working right.

The issue is a type confusion vulnerability. Type confusion vulnerabilities occur when a piece of code doesn’t verify the type of object that is passed to it, before going on to use it blindly without type-checking it.

In this case, this type confusion vuln could occur manipulating JavaScript objects due to issues in Array pop. Mozilla say that this can lead to an exploitable crash, and bad actors are actively abusing this right now.  It’s unclear what benefit this could provide to those using this flaw maliciously, but generally anyone trying to mess with your computer via the internet is bad news.

ZDNet, who broke the news, reckon it could be something to do with stealing cryptocurrency, based on the security researcher who discovered the bug, who works for one of Google’s own security research teams and also that of the cryptocurrency marketplace Coinbase. 

So… do make sure you update!

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.