Most of use the internet every single day, and if you do, then you’ll be using a web browser to access anything that’s not contained within an app. The most popular web browsers around include Google Chrome, Microsoft Edge, and Mozilla Firefox. In fact, unless you’re using an iOS device that has ‘Safari’ built in, we bet you’re using one of these browsers right now.
If you are using Firefox and are on version 67.0.03 or ESR 60.7.1, then you’re up to date with the latest security fixes. But if you’re not, then you’re going to want to update your web browser now. This is due to a warning from Mozilla, the company behind the Firefox web browser, which has warned that the software contains a zero-day vulnerability.
What’s a zero-day vulnerability?
This isn’t the first time that we’ve posted a warning about a zero-day vulnerability. Back in March 2019, a similar type of flaw was discovered in the Google Chrome browser software, proving that no company is safe from undetected software flaws.
When we say “zero-day”, we mean a security flaw that has been newly-uncovered; the developer has only learned of the problem as it is exposed, meaning that they have zero days with which to work in finding and applying a fix to protect users. And should a hacker exploit the flaw, this would be known as a “zero-day attack”. This is different to when a product has not yet been released or a bug is discovered by the company itself, meaning they can fix it before it is exploited.WiseGuys – March 2019
As we said back in March, if a hacker were to exploit such a flaw, it would be known as a “zero-day attack”. Well, in this case Mozilla are supposedly “aware of targeted attacks in the wild abusing this flaw“, meaning that hackers are indeed actively using the vulnerability. You’ll want to get patched up to date as soon as possible to ensure that you’re not one of the victims.
In most cases the software will auto-update when a patch is available; all you’ll need to do in such a scenario is reboot your browser by closing all windows, then opening a fresh instance of Firefox. However, you can also access the ‘hamburger menu’ – the 3 horizontal lines in the upper-right of the browser – and search for the “Update” feature in the search box. Firefox will usually return all your existing tabs once the update is complete.
We aren’t exactly sure what the intention behind the vulnerability is. However, the discovery of the vulnerability was credited to a member of Google’s Project Zero security team, a researcher who is also part of the Coinbase security team. Coinbase is a cryptocurrency trading platform, so it stands to reason that the exploit may relate to hackers attempting to steal such currencies.
Whatever the intended benefit to hackers in exploiting this vulnerability, you’ll be protected against it once you’ve updated your web browser. We’ll continue to watch your backs and report any more such issues that are found out in the wild, but if you have any other security concerns in the meantime, then get in touch with WiseGuys on 0808 123 2820.