Both Mozilla, the company behind Firefox, and the US Cybersecurity and Infrastructure Security Agency (CISA) have warned of a serious security flaw in the browser.
“We encourage all users and administrators to review the Mozilla security warning and apply the necessary updates.” That is the brief but crucial note released by the Cybersecurity and Infrastructure Security Agency (CISA) about a serious security flaw found in the Firefox browser. The flaw is what is called a ‘zero-day’: an error that was unknown and undetected until now, that was left completely exposed, and that is being used by ‘hackers’ to launch attacks.
The CISA notice comes a few hours after Mozilla itself disclosed the bug yesterday, in a brief note that gave few technical details but acknowledged that the error was “critical” and was being used to launch targeted attacks. Through this flaw, a ‘hacker’ could take complete control of the user’s computer and access all the data stored on it.
Mozilla has published an emergency patch that fixes the problem, so if you haven’t updated your browser yet, do it right now. To do this, in the menu bar, click on Firefox and select About Firefox. The About Mozilla Firefox window will open, and Firefox will check for updates and begin downloading them automatically. When the download is complete, you must restart the system for the update to take effect.
Some cybersecurity specialists say that the key to the flaw may be that the browser’s sandbox, the system used to protect against security breaches by isolating code that has not yet been thoroughly tested, has been compromised. The vulnerability has been assigned the identifier CVE-2019-17026 and affects both the regular browser used by individual users and Firefox ESR, the version used by many organizations. This is far from the first time that Firefox has patched a ‘zero-day’, something that both Chrome and Microsoft’s IE have also had to do in the past.