Mozilla has released an urgent Firefox update after discovering a serious security vulnerability that could allow attackers to take control of users' computers.
The problem affects desktop versions of the browser, including Firefox ESR, which is intended for use by system administrators who control desktop environments in schools, offices, governments and other organizations.
Mozilla hasn't given specific details of how the problem had been exploited, but credited Chinese internet security firm Qihoo 360 with discovering it.
- These are the best web browsers of 2020
- Find out how to enable dark mode for Firefox
- Here's how to enable dark mode for Google Chrome
As Ars Technica explains, CVE-2019-17026 is a type of weakness that could result in data being written to, or read from, areas that are normally out of bounds. This could allow an attacker to run malicious code, or cause the browser to crash.
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” Mozilla explained on its security advisory page. “We are aware of targeted attacks in the wild abusing this flaw.”
Update your browser
The vulnerability (indexed as CVE-2019-17026) has been patched with the Firefox 72.0.1 update. This should be installed automatically next time you restart the browser.
You can find out which version of you're currently running and force an update manually by entering about:preferences#general in the address bar, scrolling down to 'Firefox updates' and clicking 'Restart to update Firefox' if the option is available.