Mozilla has released security updates for its Firefox browser in conjunction with a US Cybersecurity and Infrastructure Security Agency (CISA) advisory warning that critical vulnerabilities in the browser are being actively exploited.
“An attacker could exploit these vulnerabilities to take control of an affected system,” US CISA said, without providing any specific details about the two bugs. “These vulnerabilities have been detected in exploits in the wild.”
To address these flaws, Firefox was updated to version 74.0.1 and Firefox Extended Support Release (ESR) – a slower-evolving version for enterprises – was updated to 68.6.1. Firefox users should automatically receive these updates unless this capability has been disabled. Users can also check their version of Firefox via the Firefox -> About Firefox menu and manually initiate an update if one is available.
The bugs were reported by security researchers Francisco Alonso and Javier Marcos, the latter affiliated with JMPSec. Reached via Twitter, Marcos declined to comment further.