Zero-day vulnerability found in Firefox browser – Update now!


A serious zero-day vulnerability has been found in the popular Firefox browser and users are advised to ensure that they have the latest version installed.
The vulnerability could allow crooks to automatically execute malicious code inside the victim’s browser when they visit an affected webpage, which could then lead to any number of different scams. This exploit is particularly serious since no user interaction is required (other than visiting an affected webpage) to be at risk of being a victim.
That’s bad. In fact, serious zero-day exploits found in popular web browsers are comparatively rare. The last time Mozilla [Firefox] had to patch a zero-day exploit was back in 2016.
What’s a zero-day vulnerability?
A zero-day vulnerability is a vulnerability that is already being exploited by the bad guys before the good guys even know of its existence. The “zero-day” part refers to the number of days the good guys (i.e. the developers) had to fix the vulnerability before crooks would try to exploit it. Obviously, if the bad guys are already using it to attack victims before the good guys even knew about it, that number is going to be zero.

What should I do?
Simply make sure Firefox is up-to-date. You should have version 67.0.3 or above. Luckily, updating Firefox is easy peasy, since it checks for updates each time you start it and should apply them. If you’re not sure or want to force Firefox to update, simply click the three-lined “hamburger” icon on the top right and select Help and then About Firefox. Then restart the browser.
That will force the browser to check for any updates as well as tell you what version you’re currently using. Don’t use the browser until it is up-to-date.
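For anyone checking more than one machine, the same version test can be scripted. The following is an added example, not part of the original article: the function names are made up for illustration, the input is assumed to be the banner printed by `firefox --version`, and only the regular release line named above is considered.

```shell
# Added example: classify a Firefox version banner against the minimum
# version given in the article. Function names are hypothetical.
MIN_VERSION="67.0.3"   # minimum version stated on this page

# Pull the first dotted number out of text such as "Mozilla Firefox 67.0.3".
extract_version() {
    printf '%s\n' "$1" | sed -n 's/[^0-9]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 >= version $2. Components are compared as numbers,
# so 100.0 ranks above 67.0.3 (a plain string comparison gets this wrong).
version_ge() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        # Drop the component just read; missing components count as 0.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}
        y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Print "patched", "outdated" or "unknown" for a version banner.
# Usage on a machine with Firefox on PATH:
#   check_firefox "$(firefox --version)"
check_firefox() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
        return 2
    fi
    if version_ge "$v" "$MIN_VERSION"; then
        echo "patched"
    else
        echo "outdated"
        return 1
    fi
}
```

An "unknown" result means no version number could be read from the input, so that machine needs a manual check through Help and then About Firefox.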
How is the zero-day vulnerability being exploited?
Mozilla, the developer of Firefox, has said they’ve seen reports of crooks using this zero-day already, but there are few details on exactly how that is happening. Fortunately, this vulnerability isn’t serious enough to give crooks access to a victim’s entire device (at least not by itself), but there are still a number of scams crooks could potentially pull off by exploiting this vulnerability alone.