Update Your Firefox Browser, Save Your Crypto

Sead Fadilpašić

If you use the Firefox browser and are not running Firefox 67.0.3 or Firefox ESR 60.7.1, it’s time for an urgent upgrade, if you want to save your crypto, that is.

Yesterday, Mozilla, the developer of the browser, announced an issue with a “critical” impact. The company released these versions of Firefox to fix a major vulnerability that is being abused in the wild, putting your privacy and your crypto in danger.

The security advisory issued by the Mozilla team explains the reason behind the move: “A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.”

Credit for discovering this rare Firefox zero-day (tracked as CVE-2019-11707) goes to the Coinbase security team and Samuel Groß, a security researcher with the Google Project Zero security team.

Beyond the short description posted on the Mozilla site, there are no further details about this security flaw, the ongoing attacks, or exactly what hackers hope to gain by exploiting it. The assumption is that the attacks are aimed at owners of cryptos, which is why an immediate update is critical.

Updating the browser is simple:

  1. Click the hamburger icon in the upper-right corner.
  2. Click “Help”.
  3. Click “About Firefox”.

The About Mozilla Firefox window will open. Firefox will begin checking for updates and downloading them automatically.

When the download is complete, click Restart to update Firefox.

If the update didn’t start, didn’t complete or there was some other problem, check the official Mozilla website for help.
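
For anyone responsible for more than one machine, the two fixed versions named above can be checked against version strings collected from each host. The following is an added example, not code from Mozilla or from this article; it assumes strings in the form `Mozilla Firefox 67.0.3` or `Mozilla Firefox 60.7.1esr`, and the host names and inventory are constructed.

```python
import re

# Fixed versions named in the article for CVE-2019-11707.
FIXED_RELEASE = (67, 0, 3)
FIXED_ESR = (60, 7, 1)

# Assumed input format: "Mozilla Firefox 67.0.3" or "Mozilla Firefox 60.7.1esr".
_VERSION_RE = re.compile(r"(?:Mozilla Firefox\s+)?(\d+(?:\.\d+){0,3})(esr)?\s*$")


def parse_version(text):
    """Return ((major, minor, patch, ...), is_esr), or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad "67.0" to (67, 0, 0)
    return tuple(parts), m.group(2) is not None


def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"  # betas, nightlies, garbage: review by hand
    version, is_esr = parsed
    # A 60.x string without the "esr" suffix is judged against the release
    # line, so it is reported as vulnerable rather than silently passed.
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    return "patched" if version >= fixed else "vulnerable"


def hosts_needing_update(inventory):
    """Map host -> status for every host that is not confirmed patched."""
    return {h: classify(v) for h, v in sorted(inventory.items())
            if classify(v) != "patched"}


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "desk-01": "Mozilla Firefox 67.0.3",
    "desk-02": "Mozilla Firefox 67.0.2",
    "kiosk-01": "Mozilla Firefox 60.7.1esr",
    "kiosk-02": "Mozilla Firefox 60.7.0esr",
    "lab-01": "Mozilla Firefox 68.0b11",
}

if __name__ == "__main__":
    for host, status in hosts_needing_update(SAMPLE_INVENTORY).items():
        print(f"{host}: {status} ({SAMPLE_INVENTORY[host]})")
```

Hosts reported as `unknown` are not cleared; their version string did not match the assumed format and needs a manual look.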

As mentioned, Firefox zero-days are rather rare. The last time the Mozilla team patched a Firefox zero-day before this update was December 2016, when they fixed a security flaw that was being abused to expose and de-anonymize users of the privacy-first Tor Browser. As for other major companies, in March 2019 Google patched a zero-day in its browser that was being used together with a Windows 7 zero-day as part of a highly complex exploit chain. This only serves to show that all zero-day patches are extremely urgent and that browsers must be updated immediately for each user’s protection.

In either case, as many experts have stressed previously, crypto users should keep their private keys to their coins offline, e.g. in hardware wallets such as Ledger, Trezor, KeepKey and others.