Firefox users need to patch their browsers. Hackers have been exploiting a serious bug in the software, which can be used to take over the entire computer.

On Tuesday, Mozilla's security team warned about a critical "type confusion vulnerability" in the Firefox browser that arises when it processes certain JavaScript code. "This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw," the company's security advisory said.

No other details were given, so it remains unknown exactly how the hackers have been launching their attacks. But because the vulnerability involves processing JavaScript, this may mean the bug can be triggered when visiting a malicious website or link.

The US Cybersecurity and Infrastructure Security Agency has also issued an advisory, which warns, "an attacker could exploit this vulnerability to take control of an affected system." Indeed, past type confusion flaws in software have been known to let hackers remotely execute code on a computer, which can pave the way for additional malware to be installed on an affected system.

Mozilla has patched the flaw with Firefox 67.0.3, which you can download from the company's website. It's also releasing the update automatically through the browser. To check if your browser has the update, go to "Firefox" on the menu bar, and then select "About Firefox." A new window should open that'll prompt the browser to download the latest version if it hasn't already been installed.

The same flaw was found in Firefox ESR, which is designed for large organizations such as businesses and schools. Affected users can patch their systems by downloading Firefox ESR 60.7.1.

Security researchers with Google and the cryptocurrency exchange Coinbase discovered the Firefox flaw.


By Michael Kan


