In rare warning, Homeland Security urges immediate Firefox update


A Firefox security flaw needs to be patched as quickly as possible.
Photo: Mozilla

Everyone running the recently-released Firefox 72 on their Mac should install a patch immediately. The security vulnerability in this web browser is severe enough for a US Homeland Security agency to encourage users to install the update. Mozilla says it’s already aware of attacks that use this Firefox security flaw.

Critical Firefox security flaw

Firefox version 72 only came out Tuesday, but a security vulnerability turned up very quickly. A flaw in the Just-In-Time (JIT) compiler for the JavaScript engine allows unauthorized code to be run on a targeted computer simply by opening a specially-designed web page.

Mozilla, developers of the Firefox browser, said “We are aware of targeted attacks in the wild abusing this flaw.”

A statement from the Cybersecurity and Infrastructure Security Agency (CISA), a department charged with reducing threats to the US cyber infrastructure, “encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.”

A free update to Firefox 72.0.1 for Mac is available now on Mozilla’s website. It was created specifically to close this Firefox security flaw, which also affects the Windows version.

Sources: Mozilla and CISA