The bug (CVE-2018-5124) was discovered by Mozilla engineer Johann Hofmann and it would have allowed an attacker to run unsanitized HTML code by exploiting Firefox’s User Interface component to deliver malware, steal data or even take full control of a computer.

Severe flaw in Firefox UI component

Firefox’s UI component, named “Chrome” UI (not to be confused with Google’s Chrome browser; they’re totally unrelated), is any visible part of the browser aside from the webpage itself. This includes Firefox’s menu bar, toolbars, tab indicators, progress bars and user interfaces created by add-ons. Since these UI components are not sandboxed from the code that powers Firefox webpages, an attacker can hide malicious code on a poisoned website, then load it away from the UI and straight into the browser or computer itself.

Similar to other remote code exploits, execution of this flaw depends on the currently logged-in user’s permissions. This means damage on regular and guest accounts should be limited by their existing privileges. On admin accounts, however, the flaw can be extremely dangerous since it can be used to run unauthorized system-level commands. Since these commands can be hidden inside HTML code and loaded without the user’s knowledge, the flaw has been rated critical, with a CVSS severity score of 8.8 out of 10.

Update immediately

Firefox users are advised to update to version 58.0.1 immediately since hackers will inevitably include this exploit in their toolkits within the next few days.

Firefox desktop versions 56.x, 57.x, and 58.0.0 are all affected. Hackers can only use poisoned files and attachments to exploit this flaw, so as usual, do not open email messages, links, and files from suspicious and unknown sources. Firefox for iOS, Android, Amazon TV and Firefox Extended Support Release 52 are not affected.

Ready to update to Firefox 58.0.1? Here’s how you do it.

Firefox ordinarily updates itself when you open it; this is the default setting.