Update Firefox again – more RCEs and an Android “takeover” bug too – Naked Security

Spread the love

This weekend, we were urging you to check your Firefox version to make sure you were up to date…

…and now we’re urging you to check again.

The update that came out over the weekend was an emergency patch, issued for a security hole that was found because it was already in use by criminals in real life – what’s known in the trade as a zero day because there were zero days on which you could have patched in advance.

This one is a bit less dramatic, being a scheduled update of the sort you expect to see issued on a regular basis.

Regular readers will know that we used to call these Fortytwosdays, as an homage to HHGttG, because regular updates used to arrive every six weeks, and 6×7 = 42.

We’ll refer to this one a Fourthytuesday instead, now that Firefox has reduced its update wavelength to four weeks to get important-but-not-zero-day-critical fixes out just that bit more frequently.

You should be checking that you have 75.0, or 68.7.0esr if you or your organisation uses the Extended Support Release.

Those versions are bumped up from from 74.0.1 and 68.6.1esr that arrived urgently over the weekend.

Screenshots of how to verify your version can be found in our weekend article about the zero-day patch. (Hamburger > Help > About Firefox.)

It’s handy to know how to update verification at will, because merely checking that you’re up-to-date will give you a one-click option to get any patch that you might have missed out on.

Also, if your automatic update hasn’t happened yet, a manual check will let you “jump the queue” and get the update a bit sooner.