It’s not unusual for a browser to receive a fix for a severe flaw, but the patch is usually pushed out before anyone can take advantage of it. Unfortunately, it seems that bad actors have found an exploit within Firefox and are actively using it right now. Mozilla has pushed an update for its browser to fix this issue, so it’s well worth giving it an update if you haven’t already.
Mozilla Confirms a Severe Flaw in Firefox
In a post on the Mozilla website, the browser company details what this exploit did:
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild.
While exploits can come in all shapes and sizes, code execution is a particularly nasty one. It allows a hacker to run code that they’ve written on your PC, which can either steal your personal information or download a malware installer that grabs even more viruses to infect your PC.
In this particular exploit, the hacker noticed that Firefox’s Animation timelines still read sections of your computer memory that it wasn’t using anymore, a type of exploit called “use-after-free.” That way, they can inject their malicious code into that slot in the memory, and then ask Firefox to run it.
How to Protect Yourself From the Exploit
Fortunately, while Mozilla has confirmed that bad agents are using this attack on people, you can prevent it by updating Firefox. This will find the latest update including a patch for the exploit and apply it to your browser. Give Firefox a restart, and you’re safe from this exploit.
If you need help, check out our guide on how to update Chrome, Firefox, and Edge for detailed instructions.