It does not affect users running Firefox ESR or Firefox due to the nature of the required upgrade. We strongly recommend that all users upgrade as soon as possible. In addition to upgrading software, users can limit their risk by following these recommendations: Only trust JavaScript that is embedded directly into a web page. Avoid clicking on links in emails, social media posts, etc.
These links may lead to malicious content that could attempt to exploit this vulnerability. Disable code execution if possible, such as by using an extension that prevents script from running or an application whitelisting feature. If possible, block all access to the file system. This will prevent an attacker from injecting malicious code into the system by placing it on removable media. Use a unique password for every web site.
What to do if you are currently running Firefox version 49.0
Some of the vulnerabilities can be exploited only when JavaScript is executed. If you have blocked execution of scripts on your system, this will not prevent exploitation of the vulnerabilities. It is recommended that everyone upgrade to Firefox version 49.0 or later as soon as possible.
What to do if you are still running Firefox ESR or Firefox
If you are still running Firefox ESR or Firefox, do not upgrade to version 54 until you can confirm that the vulnerability has been addressed. We also recommend that users avoid clicking on links in emails, social media posts, etc. until the issue has been resolved.
As a workaround, Firefox users can limit their risk by following these recommendations: Use an extension like NoScript to prevent script from running or an application whitelisting feature to prevent malicious code from executing. Block all access to the file system.
What to do if you are currently running Firefox ESR
If you are currently running Firefox ESR and want to upgrade, follow the instructions below:
1. Visit https://www.mozilla.org/en-US/firefox/all-older.html to identify your Firefox ESR version (usually 3.* or 4.*)
2. Click on the "Upgrade" button under your version of Firefox to download a copy of the appropriate release
3. Double-click on the downloaded file to install it on your system
4. Restart Firefox after installation is complete
What to do if you are currently running Firefox ESR
If you are running Firefox ESR and want to upgrade your ESR version to Firefox 58, you can do so by updating the software. If you prefer, you can also install Firefox 58 directly from addons.mozilla.org.
Timeline
Published on: 12/22/2022 20:15:00 UTC
Last modified on: 12/29/2022 16:39:00 UTC