Update Firefox now, or risk falling victim to this security attack

(Image credit: Mozilla)

A new Firefox update has been released that includes a fix for a recently discovered drive corruption vulnerability. Version 85.0.1 of the browser patches the NTFS bug, as well as four other vulnerabilities.

Last month, a zero-day exploit was discovered that could crash Windows 10 devices simply by getting them to access the $i30 NTFS attribute. As web browsers could be used to trigger this error, Mozilla got to work on creating a patch for its Firefox offering.

Before the new update, trying to access c:\:$i30:$bitmap via the browser’s address bar would trigger the NTFS corruption flaw. However, with version 85.0.1 installed, Firefox will ignore the request, saving the user from a potential headache.

More patches

The initial discovery of the $i30 vulnerability was unusual, with security researchers unsure why the '$i30' string corrupted the NTFS drive. Sometimes, rebooting and performing chkdsk would clear up the drive corruption error but some Windows 10 users found that problems with the NTFS drive persisted.

Given that the vulnerability was relatively easy for threat actors to exploit, a third party software firm, OSR, released a workaround that blocked access streams containing the $i30 attribute. 

A proper Windows update fixing the flaw is still being waited on even though the vulnerability has been flagged repeatedly, and it’s likely that this fix will be delivered via Microsoft’s next Patch Tuesday release.

At least now Firefox users shouldn’t have to worry about the flaw. Relaunching the browser should lead to the necessary update being downloaded automatically, but users can also click on the Firefox Menu and search for a new update if they want to check that they are running the latest version.

Via Bleeping Computer

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.