Firefox 72.0 and Firefox ESR 68.4 have a critical security vulnerability that lets hackers take control of affected systems. Here is what you need to know to make sure your business’s Firefox web browsers are secure.

Hackers did not waste any time finding and exploiting a vulnerability in a new version of the Firefox web browser. Mozilla released Firefox 72.0 on January 7, 2020, and a day later the company issued a security advisory about a critical vulnerability in the app and released a patch to fix it. The bug is so serious that it prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a security alert urging company administrators and users to update their browsers. CISA is part of the US Department of Homeland Security.

A Chinese cybersecurity firm discovered the bug, which enables cybercriminals to take control of the affected systems. Hackers have already exploited this vulnerability in targeted attacks. For this reason, it is essential that Firefox browsers are patched as soon as possible. Besides Firefox 72.0, the Firefox Extended Support Release (ESR) 68.4 web browser is also affected.

How to Check the Firefox Version

Firefox is configured to automatically update by default, so it should automatically download any available patches when employees open the browser. Once an update is downloaded, all they need to do is relaunch the browser to install the patch. Because of the seriousness of the bug, though, it is a good idea to make sure that the patch for it has been successfully installed on all your business’s devices. To do so, open Firefox on each device and follow these steps:

  1. Click or press the menu button (the button with the three horizontal lines).
  2. Select “Options”.
  3. Scroll down to the “Firefox Updates” section on the “General” page.
  4. Look for the version number, which Figure 1 shows.

If the version is 72.0.1 or later, the patch has been successfully applied. (Mozilla released another update on January 20, 2020, to fix stability issues, so the version you will likely see is 72.0.2.) For Firefox ESR, the version should be 68.4.1 or later.
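
When there are many devices to check, the same comparison can be scripted. The following is an added example, not part of the original article: it assumes the version line from each device has already been collected in the form printed by `firefox --version`, and the hostnames and sample inventory are constructed for illustration.

```python
import re

# Minimum patched versions stated in the article.
MIN_RELEASE = (72, 0, 1)
MIN_ESR = (68, 4, 1)

# Assumed input format: the line printed by `firefox --version`,
# e.g. "Mozilla Firefox 72.0.1" or "Mozilla Firefox 68.4.1esr".
VERSION_RE = re.compile(r"Mozilla Firefox (\d+(?:\.\d+){0,2})(esr)?\s*$")

def classify(version_line):
    """Return (channel, version_tuple, status) for one version line."""
    m = VERSION_RE.search(version_line.strip())
    if not m:
        # Missing browser, error text, or a format we do not recognise.
        return ("unknown", None, "unparsed")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # "72.0" is compared as (72, 0, 0)
    version = tuple(parts)
    channel = "esr" if m.group(2) else "release"
    minimum = MIN_ESR if channel == "esr" else MIN_RELEASE
    status = "patched" if version >= minimum else "needs update"
    return (channel, version, status)

def audit(inventory):
    """inventory: {hostname: version_line}. Return hosts needing attention."""
    findings = {}
    for host, line in sorted(inventory.items()):
        channel, version, status = classify(line)
        if status != "patched":
            findings[host] = (channel, version, status)
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "desk-01": "Mozilla Firefox 72.0.2",
    "desk-02": "Mozilla Firefox 72.0",
    "desk-03": "Mozilla Firefox 68.4.1esr",
    "desk-04": "Mozilla Firefox 68.4.0esr",
    "desk-05": "Mozilla Firefox 71.0",
    "desk-06": "firefox: command not found",
}

if __name__ == "__main__":
    for host, (channel, version, status) in audit(SAMPLE).items():
        print(host, channel, version, status)
```

Hosts reported as "unparsed" should be checked by hand, since the script cannot tell whether Firefox is missing or simply reported its version in a different format.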

What to Do If a Device Is Running Firefox 72.0 or Firefox ESR 68.4

If a device is running Firefox 72.0 or Firefox ESR 68.4, you should update the browser. The most common reason why a device does not have the latest Firefox version is that the browser has been configured to not automatically update. You can easily determine whether this is the problem by checking the “Allow Firefox to” setting under the version number. If “Check for updates but let you choose to install them” is selected, change the option back to “Automatically install updates”. You can wait a few hours for Firefox to update itself, or you can click or press the “Check for updates” button. In either case, once the patch is downloaded, you will need to restart the browser to install it.

There are other reasons why Firefox might not have the latest updates. For example, a device’s firewall might be preventing Firefox from checking for patches or a policy might be in place to disable Firefox update checks. So, if you find a device running Firefox 72.0, Firefox ESR 68.4, or an earlier version even though the browser is configured to automatically update, contact us so we can address the issue. We can also check the Firefox version on all your company’s devices if you do not have the time to do so.