Security Alert: Mozilla Firefox vulnerability

Date:
2022-02-09 20:12:00
Status:
Closed
Brief Description:
Mozilla has announced a high-severity vulnerability in Firefox for Windows that is patched in the latest versions, 97.0 and Extended Support Release (ESR) 91.6.0. Please update as soon as possible. macOS and Linux are unaffected, but have other updates.
Current Status:
N/A
Services Affected:
Certified Desktop
Full Description:
Mozilla has announced a high-severity vulnerability in a component of Firefox for Windows that is patched in the latest versions, 97.0 and Extended Support Release (ESR) 91.6.0. Successful exploitation of the vulnerability in the Maintenance Service can be used to escalate to administrative privileges. Please update as soon as possible. macOS and Linux are unaffected by this vulnerability, but these patches also fix other, less-severe vulnerabilities that affect them, so they should still be updated.

Certified Desktop customers with Windows will have the patch available today, 2/9, with an installation deadline of Friday, 2/11 at 4:00 pm. Users who do not have a managed computer should check for updates and install them.

More information is available here:
https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-bug-letting-you-get-windows-admin-privileges/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22753

For how to update Firefox on an unmanaged computer, see:
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
CIT TDX ID: