Updated: Firefox Security Vulnerability

If you use Firefox as your web browser, you should update it now to version 50.0.2 (or a later one if it exists).

Late last night, someone disclosed a vulnerability that is present in the ToR and Firefox web browsers on a public mailing list. This vulnerability may allow an attacker to run code on your computer if you visit an infected web site. You can read more about the vulnerability and how it works here. ArsTechnica and The Register are also doing a great job of covering this.

While the bug is definitely exploitable in the ToR browser, it is not yet clear if it can be exploited in current versions of Firefox.

You should immediately update Firefox to version 50.0.2.

What do I do right now?

If you use Firefox, update it now using the instructions below. If you can’t update it, use another web browser such as Chrome, Safari or Edge.

Why are you writing about this?

This bug has only just been patched. Even though Firefox has an auto-update mechanism, we often see old versions of Firefox that haven’t been updated in a long time.

In each case, Firefox definitely needs to be updated to at least version 50.0.2.

How will I update my copy of Firefox?

On a Mac

If you are using a Mac, you can check your Firefox version by selecting “About Firefox” from the Firefox menu:

And checking that Firefox says that it is up to date. If it is not, click the update button.

On Windows

Click on the Firefox Menu at the right of the address bar and click the “Help” icon.

The help icon is located in the bottom right hand corner.

Choose About Firefox from the menu:

Check that your Firefox says that it is up to date. If it is not, click the update button.

Updating Firefox

Firefox will automatically update when you open it if you are online and your user has permission to install software, but you will need to close all open windows and open it once the update has installed.

In some cases you may need an IT administrator to update your software. If you are running an older version of Firefox and can’t update it yourself, you should contact your IT team and ask them to update it.

In the mean time use another web browser such as Chrome, Safari or Edge.

Updates to this article

We’ve updated this article a couple of times. Here are some of the changes.

  • Provide reference to ArsTechnica and The Register (12am)
  • Provide clarity around the scope of the vulnerability (7:30am)
  • Update about the release of 50.0.2 which addresses the vulnerability

Leave a Reply