U.S. Department of Homeland Security Urges Firefox Users to Install Update Amid Active Attack

[NickR2]

The United States Cybersecurity and Infrastructure Agency (CISA), part of the Department of Homeland Security, this week urged customers who are using the Firefox browser to upgrade to version 72.0.1, as there is a major vulnerability in older versions of the Firefox browser.

Mozilla released Firefox 72.0.1 on Wednesday to address a security issue that allows malicious entities to run unauthorized code on a target computer through a webpage, letting them take control of an affected system. From Mozilla:As the above quote states, there are known targeted attacks exploiting this flaw, which means it's important for all Firefox users to upgrade, including enterprise users.

The vulnerability was first discovered by Chinese company Qihoo 360 two days after the release of Firefox 72, but there is no word on how long the bug has been exploited nor who used the vulnerability or who might have been targeted. This is the third zero-day vulnerability that Mozilla has addressed within the last year, with the company patching two other major vulnerabilities in June 2019.

MacRumors readers who use Firefox for Mac but have not installed the latest version should make sure to do so. The latest version of Firefox can be downloaded from the Mozilla website or through the update function within Firefox itself.

Article Link: U.S. Department of Homeland Security Urges Firefox Users to Install Update Amid Active Attack

Is iOS Version 21.0 (16918) the latest?

 

[russell_314]

Wait when is the US government interested in security updates on my web browser... My question is what spyware did Mozilla install for the US government in this update 😂

 

[bsolar]

Is iOS Version 21.0 (16918) the latest?

This specific issue is irrelevant for Firefox in iOS since third-party browsers in iOS cannot use their own JIT Javascript compilers but have to use the Javascript compiler provided by iOS.

 

[russell_314]

Firefox is pretty awesome on MacOS. Having actual functional extensions makes it absolutely worth it over Safari.

This is why I use Firefox over Safari. I only use Safari for paying bills and some online shopping.

 

[bsolar]

I switched to Firefox after using Chrome for many years. Whilst I find Firefox much less resource-hungry compared to Chrome, I've noticed that a lot of webpages fail to function correctly because of Firefox's aggressive blocking of scripts, trackers and other protection measures.

It gets quite frustrating and means I have to revert to Chrome for the websites that don't work.

Firefox's blocking is quite configurable: you can change how strict it is in general or if you wish to disable or tweak it for some specific site you just need to click on the little "shield" icon on the left of the address.

 

[Jsfrederick]

Another thumbs for Brave. I use their iOS version as well as it supports WebAuthn security keys such as the YubiKey 5Ci. Even before Safari added support in iOS 13.3

 

[Seoras]

Thanks for sharing this, front page, MR. I updated immediately.

 

[russell_314]

Thanks for sharing this, front page, MR. I updated immediately.

Mine said there was an update asking to close and did it automatically.

 

[gc15]

Does anyone think we should change our passwords that were stored in the firefox browser?

 

[falainber]

see, told ya to stick with chrome! with chrome, only google can steal your stuff, nobody else.

Did Google steal something from you?

 

[indychris]

"360 two days..."???

Is that 362 days, or 720 days?

 

[LizKat]

I switched to Firefox after using Chrome for many years. Whilst I find Firefox much less resource-hungry compared to Chrome, I've noticed that a lot of webpages fail to function correctly because of Firefox's aggressive blocking of scripts, trackers and other protection measures.

It gets quite frustrating and means I have to revert to Chrome for the websites that don't work.

I've bumped into having to use Safari a few times recently after some FF update awhile back, notably couldn't get Audible to let me log in at all, it just ignored clicks on "Sign In", even if I disabled my own script filters. Probably some cross-site shenanigans between Amazon and Audible that Firefox is not liking. But on Safari whatever FF was hanging up on must run ok because I can log in. But it's annoying. I don't want to switch back to Safari in general, at least not right now.

Every time I have cause to land at Audible though, of course I'm in FF and it balks and I go nuts. I tried workaround of just going through Amazon to get to Audible but I can't see my library, just buy new stuff. So it's either fire up Safari or else backburner the reason I was going to Audible anyway. Gawwwrrrrrrgh.

 

[timidpimpin]

Well there goes the rest of their market share.

That's because the market is filled with ignorant people who don't know any better. In the open source OS world Firefox is #1 by a lot. Because the people in that market are largely not ignorant.

 

[PsyOpWarlord]

Mosaic or nothing.

Wildcat! BBS and a stack of 1200/2400 baud modems is where the fun was at.

 

[FamVR]

"360 two days..."???

Is that 362 days, or 720 days?

Qihoo 360 Technology Co. Ltd is a Chinese Internet security firm.

And this is what you get for dumping Mr. JavaScript Brendan Eich...
[automerge]1578732508[/automerge]

That's because the market is filled with ignorant people who don't know any better. In the open source OS world Firefox is #1 by a lot. Because the people in that market are largely not ignorant.

Sorry. I, even as former Mozilla developer, have to correct you on this. That is Linux.

 

[rjp1]

ungoogled chromium - Chrome without google

 

[bsolar]

Probably some cross-site shenanigans between Amazon and Audible that Firefox is not liking. But on Safari whatever FF was hanging up on must run ok because I can log in.

The "little shield" on the site should provide a report of what was blocked which might help in finding out what's preventing the site to work.

My suggestion is to first temporarily disable blocking completely, clear caches and check whether it works: if it does then it's clear the problem is blocking and it can be re-enabled and tweaked until that site starts working again.

It can be an hassle, but it's the price of privacy and security: I'd rather spend some time finding out the minimum amount of permissions I can give to the sites who refuse to work with strict blocking than just open the gates for everyone out of convenience.

 

[Solomani]

Give it up for OPERA

 

[timidpimpin]

Sorry. I, even as former Mozilla developer, have to correct you on this. That is Linux.

I don't understand what you're correcting. I said open source OS because it's heavily used on BSD also.

Also... how can a developer of any kind not understand that there are open source operating systems that are not Linux? You've never heard of UNIX? That's what BSD is, and that's what the macOS kernel is. I guess I should apply for a job at Moziilla, as I'm certainly more qualified than you.

So again I ask you... what exactly are you correcting?

 

[opeter]

We use Firefox because it has very excellent translation. Safari is not usable for people, who don't speak/can't read english.

 

[justperry]

The United States Cybersecurity and Infrastructure Agency (CISA), part of the Department of Homeland Security, this week urged customers who are using the Firefox browser to upgrade to version 72.0.1, as there is a major vulnerability in older versions of the Firefox browser.

Mozilla released Firefox 72.0.1 on Wednesday to address a security issue that allows malicious entities to run unauthorized code on a target computer through a webpage, letting them take control of an affected system. From Mozilla:As the above quote states, there are known targeted attacks exploiting this flaw, which means it's important for all Firefox users to upgrade, including enterprise users.

The vulnerability was first discovered by Chinese company Qihoo 360 two days after the release of Firefox 72, but there is no word on how long the bug has been exploited nor who used the vulnerability or who might have been targeted. This is the third zero-day vulnerability that Mozilla has addressed within the last year, with the company patching two other major vulnerabilities in June 2019.

MacRumors readers who use Firefox for Mac but have not installed the latest version should make sure to do so. The latest version of Firefox can be downloaded from the Mozilla website or through the update function within Firefox itself.

Article Link: U.S. Department of Homeland Security Urges Firefox Users to Install Update Amid Active Attack

Maybe a good idea to mention if this concerns Firefox on a Mac, it's not mentioned, it might only affect Firefox on Windows/Linux/others.

I have my doubts, also because the recommendation comes from a dubious department.

 

[nylonsteel]

"IonMonkey JIT compiler..." makes me think of iron monkey for some reason.
wonder who is behind the exploit

 

[RalfTheDog]

Does anyone think we should change our passwords that were stored in the firefox browser?

Yes, not because of this exploit. You should change your passwords on a regular scedule.

 

[seanmcbay]

I stick with Safari and only use Chrome for the rare moments when something won't support it.

 

[coolfactor]

I switched to Firefox after using Chrome for many years. Whilst I find Firefox much less resource-hungry compared to Chrome, I've noticed that a lot of webpages fail to function correctly because of Firefox's aggressive blocking of scripts, trackers and other protection measures.

It gets quite frustrating and means I have to revert to Chrome for the websites that don't work.

But that's the whole point... why does there just have to be a single browser choice. Keep 3 or 4 in your Dock, and open up the one that's a best fit for what you're doing.

I use Safari for my web development, and Chrome to watch Netflix on a second monitor. Fire up Vivaldi or Firefox to do some web testing.

Break free from thinking you need to "choose" just one, and life becomes less stressful. 🤣