New: 14 January 2020

A critical vulnerability has been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR) that could allow arbitrary code execution. Exploitation occurs when a user clicks a malicious link. Targeted attacks exploiting this flaw have been found in the wild.

All users are advised to upgrade and patch immediately.

Note that stand-alone or unmanaged versions of Firefox will usually upgrade automatically. System administrators should ensure that managed versions are upgraded as soon as possible.

Recommended Actions:

Update Firefox to version 72.0.1 or later

Update Firefox ESR to version 68.4.1 or later

Affected Versions:

Firefox < 72.0.1

Firefox ESR < 68.4.1
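
For managed fleets, the following added example (not part of the original advisory) classifies collected `firefox --version` output against the fixed versions listed above. The inventory format (hostname, comma, version string) and the host names are constructed for illustration; strings that are not a plain release or ESR version are reported as unknown for manual review.

```python
import re

# Fixed versions taken from the advisory: anything lower is affected.
FIXED = {"release": (72, 0, 1), "esr": (68, 4, 1)}

# `firefox --version` prints e.g. "Mozilla Firefox 72.0.1" or
# "Mozilla Firefox 68.4.1esr"; the "esr" suffix marks the ESR channel.
_VERSION_RE = re.compile(
    r"(?:Mozilla Firefox\s+)?(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE
)

def parse_version(text):
    """Return (channel, (major, minor, patch)), or None if unparseable."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        return None
    major, minor, patch, esr = match.groups()
    channel = "esr" if esr else "release"
    return channel, (int(major), int(minor), int(patch or 0))

def classify(version_text):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # beta/nightly or garbled output: review by hand
    channel, version = parsed
    return "affected" if version < FIXED[channel] else "fixed"

def audit(inventory):
    """Map each host in 'hostname,version string' lines to its status."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition(",")
        results[host.strip()] = classify(version_text)
    return results

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = """\
ws-001,Mozilla Firefox 72.0.1
ws-002,Mozilla Firefox 72.0
ws-003,Mozilla Firefox 68.4.1esr
ws-004,Mozilla Firefox 68.4.0esr
ws-005,Mozilla Firefox 73.0b2
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A non-ESR build reporting 68.4.1 is still classified as affected, because the release channel threshold is 72.0.1.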

References

https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/