
Firefox attacks: Homeland Security urges all users to update browsers immediately

Dave_Berry 492 replies 2783 threads CC Admissions Expert
"If you use Mozilla Firefox’s web browser you’ll want to drop what you are doing right now and update it. That urging doesn’t just come from Mozilla–it comes from the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

The issue is Firefox versions for desktop older than the just-patched version contain a critical vulnerability that could allow an attacker to take control of a user’s entire operating system–no matter whether they use Windows or Mac. More alarming, the vulnerability is already being exploited in the wild, thus Homeland Security stepping in with the urgent plea for users to upgrade." ...

https://www.fastcompany.com/90450626/firefox-attacks-homeland-security-urges-mac-users-to-update-browsers-immediately-in-rare-warning
7 replies

Replies to: Firefox attacks: Homeland Security urges all users to update browsers immediately

  • OHMomof2 13219 replies 247 threads Senior Member
    Firefox on the desktop updates itself.
  • taverngirl 1320 replies 37 threads Senior Member
    Crud. Mine just updated the other day and has been completely wonky since then.
  • DadTwoGirls 5970 replies 1 threads Senior Member
    "Firefox on the desktop updates itself."

    True. However, periodically it asks if you want to restart Firefox to get the most up to date version. I have now said "yes" thanks to this warning.
  • me29034 1791 replies 91 threads Senior Member
    edited January 10
    It only updates automatically if you have your preferences set that way. I must use Firefox for work and unfortunately the latest version doesn’t work with some of our certificates so we’ve been instructed to use an old version. I wonder what they’ll say now.
  • ucbalumnus 80109 replies 720 threads Senior Member
    edited January 10
    "that could allow an attacker to take control of a user’s entire operating system"

    Rather alarmist, since that would only apply if you browse with administrator/root accounts, or a crack also gets through another vulnerability that allows privilege escalation.

    But still, it is best to keep all software updated with security fixes. There are probably many people who have lots of software (not just web browsers) on old versions with known security vulnerabilities. Mobile device OSes are often tardy with security fixes even if the user makes sure to get the latest versions.
  • ChoatieMom 5465 replies 260 threads Senior Member
    edited January 10
    "Rather alarmist, since that would only apply if you browse with administrator/root accounts, or a crack also gets through another vulnerability that allows privilege escalation."

    Doesn't matter what privileges the device owner/program has or is using at the time of breach. If the hacker can just get access to the device, even with normal user privileges, they will bring with them the software "that allows privilege escalation." (Our son is trained to do this and, at times, I had to do this in a previous life as a sys admin.) That's the problem. You have to prevent the break-in. For a knowledgeable hacker, access=full rights on any OS. Security is an illusion.
  • ucbalumnus 80109 replies 720 threads Senior Member
    ChoatieMom wrote: »
    For a knowledgeable hacker, access=full rights on any OS. Security is an illusion.

    That connotes the idea that any security measure or defense in depth is useless, when the reality is that crackers come in various levels of skill and resources. If you are targeted by a nation-state actor, then you will be up against a much greater challenge than if you are just getting script kiddies sending you spam emails trying to get you to click on a link to a malicious web page (the latter being far more common for most people).

    Browsing as a low privilege user instead of an administrative user means that a cracker needs to crack both the browser and succeed in a privilege escalation crack to gain administrative privileges -- i.e. two cracks instead of one. While one with high skill and resources is more likely to be able to do that, those with lesser skill and resources may be stopped (although they may still gain access to whatever the low privilege user is allowed to access).

    Obviously, you want to install the security fixes in your browser. But you should not ignore other security precautions that can help against a large percentage of possible attackers.