Even though you probably just updated your Firefox desktop browser to version 72 (released Tuesday), make sure you run one more update to nab a special patch that Mozilla released yesterday. It fixes a zero-day vulnerability that, if exploited, could allow an attacker to “take control of an affected system.”
The above warning comes from the U.S. Cybersecurity and Infrastructure Security Agency. (“Zero-day vulnerability” means that an attacker discovered the issue and used it to cause trouble, and that’s how Mozilla found out about the vulnerability.)
While the temptation might be strong to say you’ll get to it later, Mozilla notes in its own advisory that “We are aware of targeted attacks in the wild abusing this flaw.”
While the odds are technically low that you’ll be hit with a hack, given how many Firefox users there are worldwide, I wouldn’t put off this update if you’re a big Firefox fan.
As always, all you have to do to update your browser is to click on the triple-line “hamburger” icon in the upper-right corner, and then click on Help > About Firefox (for Windows users). If you’re a Mac user, you’ll simply click on “Firefox” in your Menu Bar and select “About Firefox.”
When you do this, you'll see the About Firefox screen, and you'll have to briefly restart your browsing session to apply the update.
You might not even make it this far. Dawdle long enough, and you'll get an update popup directly in your browser.
Mozilla didn’t go into a great amount of detail about how attackers were exploiting this vulnerability to take control of systems, but did note that the attack was based on a “type confusion.” In other words, the attackers found a way to read or write data in memory locations they wouldn’t normally be able to access—bypassing protections that would normally prevent them from doing so.
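To make "type confusion" concrete, here is a small added example in C. It is not Firefox code and not the flaw Mozilla patched; the `Value` type and every function name are hypothetical. It shows how skipping a type check lets a plain number be read as an array length, so a later bounds check no longer protects anything.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical tagged value: one slot that holds either a plain number
   or an array header, as a scripting engine might store it. */
typedef enum { KIND_NUMBER, KIND_ARRAY } Kind;

typedef struct {
    Kind kind;
    union {
        uint64_t number;                    /* valid when kind == KIND_NUMBER */
        struct { uint64_t length; } array;  /* valid when kind == KIND_ARRAY  */
    } as;
} Value;

/* Vulnerable: trusts that v is an array. If v is really a number, the
   number's bits are interpreted as the array length. */
int index_allowed_unchecked(const Value *v, uint64_t index) {
    return index < v->as.array.length;
}

/* Hardened: verify the type tag before interpreting the payload. */
int index_allowed_checked(const Value *v, uint64_t index) {
    if (v->kind != KIND_ARRAY)
        return 0;
    return index < v->as.array.length;
}

/* Constructed sample values for the demonstration. */
Value make_array(uint64_t length) {
    Value v; v.kind = KIND_ARRAY; v.as.array.length = length; return v;
}
Value make_number(uint64_t n) {
    Value v; v.kind = KIND_NUMBER; v.as.number = n; return v;
}

int main(void) {
    Value arr = make_array(4);        /* a real 4-element array header */
    Value num = make_number(1000000); /* a number, not an array at all */

    printf("real array, index 3:        unchecked=%d checked=%d\n",
           index_allowed_unchecked(&arr, 3), index_allowed_checked(&arr, 3));
    printf("number as array, index 5000: unchecked=%d checked=%d\n",
           index_allowed_unchecked(&num, 5000), index_allowed_checked(&num, 5000));
    return 0;
}
```

The unchecked version approves index 5000 on a value that was never an array, which is the kind of out-of-range memory access the paragraph above describes; the checked version rejects it.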