It has been reported that some Windows users may have encountered crashes when visiting some websites or receiving unexpected content. If you happen to be one of these users and have not yet upgraded, it’s recommended that you do so as soon as possible.

We do not yet know if these issues are related or not. It’s also important to note that not all users may be affected by these issues, and it’s likely that not all users who upgrade will be affected.

While memory corruption is a serious issue, and it’s one that can certainly lead to remote code execution, we do not believe that this issue is being actively exploited at this time. There’s no evidence that hackers are trying to exploit this vulnerability in the wild.

What to do next? If you are using Firefox and are not yet on Firefox version 101, we advise that you upgrade as soon as possible. If you are using Thunderbird, we advise that you upgrade to the latest version available.

Security updates are available for Windows, OS X and Linux

The security updates are available for Windows, OS X and Linux. These updates will be installed automatically when you restart your computer or open your browser.

Windows Users: Upgrade to Windows 10 as Soon as Possible

If you are using Windows 7, Windows 8.1, or Windows Vista and have not yet upgraded to version 10 of Microsoft’s operating system, then it is recommended that you upgrade as soon as possible. This is because it has been reported that some Windows users may have encountered crashes when visiting some websites or receiving unexpected content.

Check if you are affected by CVE-2018-6288: Windows Only

The good news for those who are not yet using Firefox or Thunderbird with the most recent version is that, as of now, we don't believe that this issue has been actively exploited in the wild. If you use Firefox and want to check if you are affected by this vulnerability, please follow these instructions:

1. Go to about:support and make sure that the last two digits of your build number are 101 or later.
2. Click on "About Firefox" and then click "Check for Updates." This will also install the latest version of Firefox automatically.

Firefox 101 Released

Released today, Firefox version 101 is available for your download. This release includes a fix for the issues reported by some Windows users who experienced crashes or unexpected content on websites. If you use Firefox, it’s recommended that you upgrade as soon as possible to avoid any potential issues with websites.

The vulnerability was found by Mozilla researcher Jann Horn and fixed in the latest version of Firefox. There’s no evidence of hackers exploiting the vulnerability at this time.  It’s not clear what specific fix was involved in this release, but if you want to be safer from these types of vulnerabilities, it’s recommended that you upgrade your browser now.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/03/2023 21:25:00 UTC

References