You should update Firefox now to patch a serious security flaw – here's how

Firefox icon
(Image credit: Shutterstock)
Audio player loading…

Mozilla has released an urgent Firefox update after discovering a serious security vulnerability that could allow attackers to take control of users' computers. 

The problem affects desktop versions of the browser, including Firefox ESR, which is intended for use by system administrators who control desktop environments in schools, offices, governments and other organizations.

Mozilla hasn't given specific details of how the problem had been exploited, but credited Chinese internet security firm Qihoo 360 with discovering it.

As Ars Technica (opens in new tab) explains, CVE-2019-17026 is a type of weakness that could result in data being written to, or read from, areas that are normally out of bounds. This could allow an attacker to run malicious code, or cause the browser to crash.

"Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion," Mozilla explained on its security advisory page (opens in new tab). "We are aware of targeted attacks in the wild abusing this flaw."

Update your browser

The vulnerability (indexed as CVE-2019-17026) has been patched with the Firefox 72.0.1 update. This should be installed automatically next time you restart the browser.

You can find out which version of you're currently running and force an update manually by entering about:preferences#general in the address bar, scrolling down to 'Firefox updates' and clicking 'Restart to update Firefox' if the option is available.

Cat is the editor of TechRadar's sister site Advnture. She’s a UK Athletics qualified run leader, and in her spare time enjoys nothing more than lacing up her shoes and hitting the roads and trails (the muddier, the better)