Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users.
The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox’s just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to make websites load faster. But researchers found that the bug could allow malicious JavaScript to run outside of the browser on the host computer.
In practical terms, that means an attacker can quietly break into a victim’s computer by tricking the victim into accessing a website running malicious JavaScript code.
But Qihoo did not say precisely how the bug was exploited, who the attackers were, or who was targeted.
Browser vulnerabilities are a hot commodity in security circles as they can be used to infect vulnerable computers — often silently and without the user noticing — and be used to deliver malware or ransomware. Browsers are also a target for nation states and governments and their use of surveillance tools, known as network investigative techniques — or NITs. These vulnerability-exploiting tools have been used by federal agents to spy on and catch criminals. But these tools have drawn ire from the security community because the feds’ failure to disclose the bugs to the software makers could result in bad actors exploiting the same vulnerabilities for malicious purposes.
Mozilla issued the security advisory for Firefox 72, which had only been out for two days before the vulnerability was found.
Homeland Security’s cyber advisory unit, the Cybersecurity and Infrastructure Security Agency, also issued a security warning, advising users to update to Firefox 72.0.1, which fixes the vulnerability. Little information was given about the bug, only that it could be used to “take control of an affected system.”
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Firefox users can update their browser from the settings.
