
Update now! Mozilla patches critical Firefox flaw


Have you tried the latest version of Mozilla's web browser called Firefox Quantum yet? Released in November of last year, it boasts a new engine that is said to be twice as fast as older Firefox versions and around-the-clock tracking protection.

Along with other welcome improvements, Firefox Quantum is a big step in the right direction, and it is exactly what Mozilla needs to regain user share from Google's Chrome browser juggernaut.

But as great as Firefox Quantum is, it is not immune to security flaws, of course.

As such, Mozilla advises Firefox users to update to the latest version immediately to protect themselves from this extremely nasty bug.

Firefox Quantum 58.0.1

Mozilla has just issued the Firefox Quantum 58.0.1 update to patch a critical security flaw in the web browser's user interface code.

The bug (CVE-2018-5124) was discovered by Mozilla engineer Johann Hofmann and it would have allowed an attacker to run unsanitized HTML code by exploiting Firefox's User Interface component to deliver malware, steal data or even take full control of a computer.

Severe flaw in Firefox UI component

Firefox's UI component, named "Chrome" UI (not to be confused with Google's Chrome browser; they're totally unrelated), is any visible part of the browser aside from the webpage itself. This includes Firefox's menu bar, toolbars, tab indicators, progress bars and user interfaces created by add-ons.

Since these UI components are not sandboxed from the code that powers Firefox webpages, an attacker can hide malicious code on a poisoned website, then load it away from the UI and straight into the browser or computer itself.

Similar to other remote code exploits, execution of this flaw depends on the currently logged-in user's permissions. This means damage on regular and guest accounts should be limited by their existing privileges. On admin accounts, however, the flaw can be extremely dangerous since it can be used to run unauthorized system-level commands.

Since these commands can be hidden inside HTML code and loaded without the user's knowledge, the flaw has been rated critical, with a CVSS severity score of 8.8 out of 10.

Update immediately

Firefox users are advised to update to version 58.0.1 immediately since hackers will inevitably include this exploit in their toolkits within the next few days.

Hackers can only use poisoned files and attachments to exploit this flaw, so as usual, do not open email messages, links, and files from suspicious and unknown sources.

Firefox desktop versions 56.x, 57.x, and 58.0.0 are all affected. Firefox for iOS, Android, Amazon TV and Firefox Extended Support Release 52 are not affected.
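
For anyone looking after more than one machine, the version ranges above can be checked in bulk. The following is an added example, not part of the original article or Mozilla's tooling: it classifies reported Firefox version strings against the affected range (56.x, 57.x, 58.0.0) and the fixed release 58.0.1. The inventory format, the host names and the "esr" suffix on ESR builds are assumptions, and the sample data is constructed.

```python
import re

# Version facts as stated in the article: desktop 56.x, 57.x and 58.0.0 are
# affected, 58.0.1 carries the fix, and ESR 52 is not affected.
FIRST_AFFECTED_MAJOR = 56
FIXED = (58, 0, 1)
UNAFFECTED_ESR_MAJOR = 52

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)

def parse_version(text):
    """Parse 'Mozilla Firefox 58.0' or '52.6.0esr' into ((maj, min, patch), is_esr)."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, m.group(4) is not None

def classify(text):
    """Return 'affected', 'patched', 'not affected', 'not listed' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"          # unparseable report: needs a manual look
    version, is_esr = parsed
    if is_esr and version[0] == UNAFFECTED_ESR_MAJOR:
        return "not affected"
    if version[0] < FIRST_AFFECTED_MAJOR:
        return "not listed"       # older than the releases the article names
    return "affected" if version < FIXED else "patched"

def hosts_to_update(inventory):
    """Return hosts whose report is affected or could not be parsed."""
    return [host for host, report in inventory
            if classify(report) in ("affected", "unknown")]

# Constructed sample inventory: (host, reported version string). Assumed format.
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 58.0"),
    ("ws-02", "Mozilla Firefox 58.0.1"),
    ("ws-03", "Mozilla Firefox 57.0.4"),
    ("ws-04", "Mozilla Firefox 52.6.0esr"),
    ("ws-05", "Mozilla Firefox 56.0.2"),
    ("ws-06", "version check failed"),
]

if __name__ == "__main__":
    for host, report in SAMPLE_INVENTORY:
        print(f"{host}: {report!r} -> {classify(report)}")
    print("Update needed:", hosts_to_update(SAMPLE_INVENTORY))
```
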

How to update Firefox:

Ready to update to Firefox 58.0.1? Here's how you do it.

Firefox ordinarily updates itself when you open it; this is the default setting.

If you want to fetch the updates manually, here's how:

Mac:

  1. On the top menu bar, click Firefox >> About Firefox.
  2. When the "About Firefox" window appears, Firefox will automatically check for updates and download them if available.
  3. When the updates are ready, just click "Restart to update Firefox" to complete the process.

Windows:

  1. Click the hamburger icon (three horizontal lines) in the top right to bring up the menu.
  2. Click Help >> About Firefox.
  3. When the "About Firefox" window appears, Firefox will automatically check for updates and download them if available.
  4. When the updates are ready, just click "Restart to update Firefox" to complete the process.

You can also visit mozilla.com/firefox for the latest version.
