Firefox, a bug allows hackers to steal all your data

If not updated, Mozilla's browser allows hackers to access your PC's hard drive and steal all the data contained within

If you use the Mozilla Firefox web browser, or Firefox ESR (Extended Release Support, the version of Firefox for large companies), run now to download and install the latest patches: the browser has a serious vulnerability that allows hackers to take control of your computer and steal your data.

The vulnerability has been classified with the code CVE-2019-17026, affects all Firefox versions (for Windows PC, Linux and Mac), has already been exploited by hackers and is considered "critical" by Mozilla itself. It is so critical that the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA, the American public body that deals with computer security), has invited users to update their browser and has confirmed that this vulnerability has been exploited to carry out targeted attacks. No one, however, specifies any details about these already successful attacks.

How CVE-2019-17026 works

The CVE-2019-17026 flaw mainly affects the "IonMonkey" component of Firefox, which is part of the software engine that processes JavaScript commands. By means of JavaScript code specially written to exploit the flaw, therefore, it is possible to take control of the browser and the computer if the user visits the trap site. This kind of attacks are called "Watering-Hole": when you want to attack a specific user, a company or an institution and you know which are the most visited sites by the user or the employees of the company/entity, you just need to violate one of these sites by injecting malicious code (in this case JavaScript, to exploit the flaw in question). The next time someone visits that site they will fall into the trap.

Update Firefox

Mozilla has already patched the CVE-2019-17026 flaw, releasing Firefox 72.0.1 for Windows, MacOS, Linux (64-bit and 32-bit) and Firefox ESR 68.4.1 for Windows, MacOS, Linux (64-bit and 32-bit). Those who already have these versions can stay safe, those who have an older version should update the browser sooner rather than later. The latest version of Firefox, by the way, fixes many other minor vulnerabilities and allows the user greater privacy protection when surfing the Web in compliance with the recent California Consumer Privacy Act (CCPA), which came into effect on January 1, 2020.