Mozilla asks Firefox users to update their browsers

Mozilla has asked Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively utilizing to attack against users.

A Chinese security company named Qihoo 360 was the one to find the vulnerability first in Firefox’s just-in-time compiler. The primary function of the compiler is to speed up the performance of the JavaScript to make websites load faster. But researchers were able to find that the bug could allow malicious JavaScript to run outside of the browser on the host computer.

This essentially means that an attacker can stealthily break into a victim’s computer by tricking the victim into accessing a certain website running malicious JavaScript code. As of now, Qihoo hasn’t revealed how the bug was exploited and who the attackers were or whom they were targeting.

Browser vulnerabilities attract a lot of heat in security circles because they can be used to infect vulnerable computers often silently and without the knowledge of the user and then be used to deliver malware. Browsers are also a big target for nation-states and governments who use it for surveillance.

These vulnerability exploiting tools are also widely used by federal agents to spy on criminals, but there’s also a downside to it as the same vulnerabilities can be used by threat actors if the authorities fail to report the vulnerability to software makers. Users have been asked to update to Firefox 72.0.1 which fixes the issue. Not much information was provided about the bug except that it can take control of the affected system.