U.S. Department of Homeland Security Urges Firefox Users to Install Update Amid Active Attack

Friday January 10, 2020 12:36 pm PST by Juli Clover
The United States Cybersecurity and Infrastructure Agency (CISA), part of the Department of Homeland Security, this week urged customers who are using the Firefox browser to upgrade to version 72.0.1, as there is a major vulnerability in older versions of the Firefox browser.


Mozilla released Firefox 72.0.1 on Wednesday to address a security issue that allows malicious entities to run unauthorized code on a target computer through a webpage, letting them take control of an affected system. From Mozilla:
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.
As the above quote states, there are known targeted attacks exploiting this flaw, which means it's important for all Firefox users to upgrade, including enterprise users.

The vulnerability was first discovered by Chinese company Qihoo 360 two days after the release of Firefox 72, but there is no word on how long the bug has been exploited nor who used the vulnerability or who might have been targeted. This is the third zero-day vulnerability that Mozilla has addressed within the last year, with the company patching two other major vulnerabilities in June 2019.

MacRumors readers who use Firefox for Mac but have not installed the latest version should make sure to do so. The latest version of Firefox can be downloaded from the Mozilla website or through the update function within Firefox itself.

Tags: Mozilla, Firefox
[ 86 comments ]

Top Rated Comments

(View all)

Avatar
phr0z3n
2 weeks ago
That does it I'm going back to Netscape Navigator.
Rating: 35 Votes
Avatar
ghanwani
2 weeks ago
see, told ya to stick with chrome! with chrome, only google can steal your stuff, nobody else.
Rating: 31 Votes
Avatar
M-Life
2 weeks ago


see, told ya to stick with chrome! with chrome, only google can steal your stuff, nobody else.


Chrome becomes more and more like the old Internet Explorer every day. The browser for people who aren't "tech savvy" and don't know computers.
Rating: 25 Votes
Avatar
pointy
2 weeks ago


I only have Firefox for the rare website that doesn't work under Safari.

Opposite
Rating: 24 Votes
Avatar
oneMadRssn
2 weeks ago
Firefox is pretty awesome on MacOS. Having actual functional extensions makes it absolutely worth it over Safari.
Rating: 23 Votes
Avatar
Plutonius
2 weeks ago
I only have Firefox for the rare website that doesn't work under Safari.
Rating: 22 Votes
Avatar
sw1tcher
2 weeks ago


I like the Brave Browser.....


I heard rumors that Apple's going to take over the developers (Brave Software, Inc.) and rename the browser to "Courage" ;)
Rating: 17 Votes
Avatar
baryon
2 weeks ago

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.


I hate it when that happens!
Rating: 12 Votes
Avatar
techpr
2 weeks ago
Still the most Secure Browser. Updated to 72.0.1 yesterday.
Rating: 12 Votes
Avatar
coolfactor
2 weeks ago
Let's face it, all of todays "modern" browsers are fantastic. Choosing one or another is personal preference and based on loyalty, not so much based on performance or functionality.

Firefox started out as a lean, mean browser, but became very bloated and slow over the years, feeling less and less "native" on macOS. Then they had a course correction and it finally feels like it belongs on macOS again. Chrome has always been a close cousin to Safari.

I've also used Opera, Brave and Vivaldi, but I keep coming back to Safari as my primary go-to browser. I just prefer its "look and feel" slightly better than the others. It feels the most "at-home" browser to me. But I do use other browsers for different purposes. macOS Keychain integration is a huge factor for me for choosing Safari.
Rating: 11 Votes

[ Read All Comments ]