If you are a Firefox user, you might want to stop what you are doing and update your browser. Mozilla has just released a security advisory warning of a severe vulnerability affecting almost all versions.

Currently, both Mozilla’s Firefox and Firefox ESR products are affected by the security vulnerability — with all versions of the browsers, barring the latest releases, being vulnerable. Because of this, it is highly recommended to update to the latest version of the browser, either Firefox 67.0.3 or Firefox ESR 60.7.1.
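For anyone checking more than one machine, the version rule above can be applied to collected version banners. The following is an added example, not code from Mozilla or from this article; it assumes banners in the form printed by `firefox --version` (ESR builds carry an `esr` suffix), assumes versions later than the fixed ones also contain the fix, and uses constructed host names and sample data.

```python
import re

# Fixed versions named in the article, per release channel.
FIXED = {"release": (67, 0, 3), "esr": (60, 7, 1)}

# Assumed banner format: "Mozilla Firefox 67.0.2" or "Mozilla Firefox 60.7.0esr".
_BANNER_RE = re.compile(r"Firefox\s+(\d+(?:\.\d+){0,2})(esr)?", re.IGNORECASE)

def parse_version(banner):
    """Return (channel, (major, minor, patch)), or None if unparseable."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad "66.0" to (66, 0, 0)
    channel = "esr" if m.group(2) else "release"
    return channel, tuple(parts)

def is_patched(banner):
    """True/False against the channel's fixed version; None if unknown."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    channel, version = parsed
    # Compare within the channel: ESR 60.7.1 is fixed although 60 < 67,
    # while a release-channel build below 67.0.3 is not.
    return version >= FIXED[channel]

def audit(inventory):
    """inventory: iterable of (host, banner). Returns hosts needing attention."""
    findings = []
    for host, banner in inventory:
        status = is_patched(banner)
        if status is None:
            findings.append((host, "unknown"))
        elif not status:
            findings.append((host, "vulnerable"))
    return findings

# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 67.0.3"),
    ("ws-02", "Mozilla Firefox 67.0.2"),
    ("ws-03", "Mozilla Firefox 60.7.1esr"),
    ("ws-04", "Mozilla Firefox 60.7.0esr"),
    ("ws-05", "firefox: command not found"),
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE):
        print(host, state)
```

Hosts reported as `unknown` returned no parseable banner and need a manual check rather than being treated as safe.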

A full description of the vulnerability, as provided by Mozilla, is shown below:

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash.

A Critical Firefox Flaw

In essence, this means that a JavaScript exploit can be used to crash Firefox, and that crash can then be used to execute malicious code on the machine without permission from the user.

The exploit is rated as critical, the highest impact level, since the vulnerability can be used to install code and software on affected devices without requiring any specific user interactions — just normal browsing of a compromised site.

It is currently unclear whether the same exploit can be used to target users of other browsers, though it may be wise to assume that Firefox clones, such as Waterfox and Pale Moon, may be vulnerable.

Unlike many security vulnerabilities detected by Mozilla, this one is rare in that it has been shown to be used in the wild to exploit users. Naturally, cryptocurrency users are likely among the first to be targeted by the exploit, though the full reach of the issue remains to be seen.

Update Windows While You’re at It

In other news, Microsoft just released a warning that its new KB4503327 security upgrade may cause a temporary black screen on certain devices. If you are a Windows user presented with this issue, don’t worry. You haven’t been hacked. A simple forced restart, executed by pressing CTRL+ALT+DELETE and selecting the restart option, should resolve the issue.

Have you come across any websites exploiting the new Firefox vulnerability? Help us warn other users by leaving them in the comments below!