Update Your Firefox Now: Mozilla Just Patched a ‘Critical’ Security Flaw

Image: Mozilla

Firefox version 57, otherwise known as Firefox Quantum, has done wonderful things to help get Mozilla’s open-source web browser back in shape, but along the way, the company has made a few mistakes. One of the biggest of Mozilla’s recent flubs was a flaw hidden in Firefox’s user interface code that made it possible for an attacker to run unsanitized HTML on a user’s computer.

Thankfully, the issue has been patched in the latest update for Firefox (version 58.0.1). Essentially, the exploit took advantage of Firefox’s Chrome UI component (unrelated to Google’s web browser of the same name), which was not properly sandboxed, allowing potentially malicious code to make its way over to the browser itself and run commands there or on the host computer. As Bleeping Computer notes, the “Chrome UI” term refers to Firefox’s user interface design elements, like “menu bars, progress bars, window title bars, toolbars, or UI elements created by add-ons.”

Any code run this way was restricted by a user’s system privileges, which means damage was somewhat limited on regular accounts. However, if you were using an admin-level account, it’s possible that any problematic code could have affected the entire computer without the user ever knowing.

The security hole was present in the past three major iterations of Firefox, versions 56, 57, and 58, so if you haven’t updated your browser, you should really go do that now—especially since the flaw has been labeled with a “critical” impact level by Mozilla’s own security advisory.

[Bleeping Computer]

Senior reporter at Gizmodo, formerly Tom's Guide and Laptop Mag. Was an archery instructor and a penguin trainer before that.

DISCUSSION

EyeBreakThings

However, if you were using an admin-level account

Please, please do not run anything with admin-level access unless it is required. Use user-level accounts and elevate when needed.