In a never-ending effort to keep our clients aware of known and potential cyberthreats that could impact the privacy, security, and vulnerability of you, and your business, critical information and data, we wanted to alert you to a recent flaw discovered in the Mozilla Foxfire web browser. Mozilla Foundation released a security advisory to address a critical zero-day flaw in Mozilla Firefox which has been exploited in targeted attacks. Mozilla’s advisory states they are “aware of targeted attacks in the wild abusing this flaw.” Successful exploitation of this vulnerability could allow an attacker to take control of a user’s entire operating system—whether they use Windows or Mac.
To address CVE-2019-17026, Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1. Because this vulnerability has been exploited in targeted attacks, Firefox users are advised to upgrade as soon as possible.
By default, Firefox will update automatically, but you can always do a manual update. Manual updates will still let Firefox download an update, but it won't install it until you restart Firefox. Here's how to set it up:
1. On the menu bar click the Firefox menu and select About Firefox.
2. The About Firefox window opens. Firefox will check for updates and download them automatically.
Get more information
• Mozilla Foundation Security Advisory for CVE-2019-17026