If you don’t use Google Chrome or Microsoft Edge as the default web browser and Firefox is your choice then a new security vulnerability has been reported this week on TechCrunch, and Mozilla is asking its users to update to the latest version of the browser right away. The organisation shared this development on 8 January.
The issue was so serious that even the cybersecurity wing of the US Department of Homeland Security, which is called the Cybersecurity and Infrastructure Security Agency, had to intervene and urge users of the web browser to take action before it affects their system and they lose data if at all.
The vulnerability was found in the Firefox 72 version which allowed third-party actors to feed malicious code into a system through a web page on the browser and gain access to their machine.
The vulnerability was first discovered by a Chinese security company Qihoo 360, two days after Firefox version 72 was released for the public. Reports suggest this is the third zero-day vulnerability that Mozilla had to fix in Firefox over the past 12 months, with the last one reported back in June 2019.
Zero-day vulnerabilities are those computer program issues that are known and those responsible for its security have not addressed it yet. Leaving them vulnerable for a long time puts them in danger of attacks from outside actors.
The worrying bit about the Firefox bug is that Mozilla hasn’t shared details like how long the vulnerability was left open, who could have possibly used it to attack certain users, and if so, who might have been affected already.
Having said that, updating to Firefox version 72.2 should be done ASAP, which will ensure you can minimise the impact of the vulnerability from the affected version of the web browser.
Zero-day vulnerabilities are pretty common these days, which is why having a structured bug bounty programme in place is ideal to avoid such mishaps that are not detected early enough.
Google, Facebook and even WhatsApp have their set of such bug bounty programmes, where those reporting issues/bugs are handsomely rewarded.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)