If You Use FireFox, You’re Going to Want to Read This…

firefox_vulnerability

If You Use FireFox, You’re Going to Want to Read This…

firefox_vulnerability

Stemming from a “zero-day vulnerability” found within the code of Firefox’s recent 72.0 update, Mozilla has released yet another patch to counteract a series of exploitative attacks. In turn, the United States Cybersecurity and Infrastructure Agency issued an alert to all Mozilla Firefox users on January 8, 2020, requesting that they update the web browsing program to version 72.0.1 immediately.

Although it’s quite normal for Mozilla to regularly update its Firefox application to resolve minor bugs, releasing two major updates within one day of each other signifies that there are some major risks to be made aware of.

Quick Recap on Zero-Day Vulnerabilities

If you missed Rocket IT’s previous post on Google Chrome’s latest zero-day vulnerability, here is a synopsis. The easiest way to describe a zero-day vulnerability is to think of it as a security flaw that is discovered almost immediately after a software releases an update or patch. Typically, digital research firms spend hours perusing code, trying to find and address risks before hackers ever have a chance to exploit the code. Unfortunately, these researchers aren’t always the first on the scene; giving cybercriminals an opportunity to maliciously attack unsuspecting users.

What Do I Need to Know?

While there’s no doubt that Mozilla’s recent hiccup placed millions of users at risk, the developer has remained quiet; releasing very little information on how the event transpired. Instead, the organization provided concerned readers with some simple patch notes, stating that it is “aware of targeted attacks in the wild abusing this flaw” and a “security fix” had been dispersed.

Example of Type Confusion

Fortunately, thanks to the efforts of Qihoo, the Chinese internet security firm that discovered the vulnerability, we have an idea of how hackers were exploiting the software. Cutting through all the technical jargon in Mozilla’s notes, readers can see that the cause of the attacks were derived from a “type confusion vulnerability”. Simply put, this occurs when the software attempts to read a string of incompatible code, which then triggers a series of errors because the browser doesn’t have the correct resources to run the code. The end result is Firefox being tricked into reading content that is stored outside of the application’s memory.

While this can sometimes result in the application crashing, hackers have found a way to store malicious code outside the boundaries of seemingly normal web pages. In turn, when a user visits one of these unsafe sites, their device may become infected. Although Mozilla has yet to state the impact of these exploits, know that many zero-day vulnerabilities can result in cybercriminals gaining access to the computer and escalating user privileges; allowing them to creep deeper into the network.

How to Update Your Browser

Because this vulnerability is still new and has only recently been brought to light, it’s safe to say that a fair number of cybercriminals are still attempting to use this method of attack. As a result, it’s important that Firefox users update their computer web browsers to the latest version immediately.

While Firefox typically does a good job at automatically forcing browser updates, Rocket IT asks that users of this platform check their current browser version. To complete this task, open the Firefox browser and click the collapsed menu icon in the top-right corner of the window. Navigate to “Help”, and then click the “About Firefox” menu item to review your browser version.

Firefox About, software version, licensing info

For users that see a number below 72.0.1, Firefox will begin to search for updates. If a new version of the platform is found, it will begin downloading automatically. After this step is complete, it is imperative that you save your work and restart Firefox for the update to finish installing.

What’s Next?

This isn’t the first zero-day vulnerability Firefox users have experienced, and you can certainly guarantee it won’t be the last. Just last June, Mozilla discovered two vulnerabilities allowing untrusted software to gain access to sensitive parts of Apple’s Mac operating system.

As technology continues to advance, it’s likely that vulnerabilities, such as the one Firefox experienced, will relentlessly threaten the security of web users. Because of this, it’s crucial that those interested in protecting their digital assets remain aware of trending dangers. Through Rocket IT’s newsroom, readers are regularly provided with important updates and helpful content; making it easy to remain vigilant on the technology forefront. To stay up-to-date on current tech trends, subscribe to the Rocket IT newsletter using the form below; or follow us on Facebook, LinkedIn and Instagram.