Mozilla issues security advisory, urges users to update Firefox browser right away

“The advisory comes on the back of a patch, released for a critical bug that is seemingly allowing hackers worldwide to take control of vulnerable systems”

The Mozilla Foundation has issued a security advisory, insisting that users of the Firefox browser in both personal and enterprise setups update the application as soon as possible. The notice follows a rather serious bug that apparently lets attackers inject code into a system using malicious pages that are replicated to look like official sites. Once the code is injected, the attacker could use this path through Firefox to take control of vulnerable systems, which in turn could be used for ransomware and a wide range of other nefarious purposes.


The security updates to the Firefox browser have been rolled out in Firefox v67.0.3 for personal users and ESR v60.7.1 for enterprise administrators. According to Mozilla's security disclosure on its site, the bug was brought to light by Coinbase Security and Samuel Groß of Google’s Project Zero. The vulnerability arises from an issue in an arbitrary array, because of which certain security lapses appeared in the code while manipulating the browser’s underlying JavaScript objects. Because this is a fundamentally deep-level issue, the security implications are such that it can give any attacker root-level access to remote systems.

Mozilla has further disclosed that it is aware of this technique already being used for targeted attacks across the world, although it has not disclosed whether other services also face similar attacks owing to such root-level flaws. The security fixes were rolled out yesterday, and the United States Cybersecurity and Infrastructure Security Agency (US-CISA) has since issued its own security warning regarding the updates, highlighting the gravity of the risk. If you have not updated your system already, it is imperative that you do so right away.