ITS Alert - Firefox Vulnerability (users are recommended to switch browsers) Update Archived
*Update*

Mozilla Firefox has released an update to fix the vulnerability in its browser. Shutting down and re-opening the browser should trigger an update to version 50.0.2.

If you are not prompted to update and you are using Firefox as your preferred browser, please ensure you have updated to the most recent version: https://support.mozilla.org/en-US/kb/update-firefox-latest-version

Do not use your Firefox browser until you have ensured your version is up-to-date.

If you have questions or require help with this issue, please contact the IT Support Centre by calling extension 36666 or by filling in the Online Help form: http://www.queensu.ca/its/helpform.

--------------------------------------------------------------

Previous Description (2016-11-30 16:31:08):


Due to a recently announced Firefox vulnerability, Information Technology Services (ITS) recommends that you temporarily switch to Edge, IE, Chrome or another secure browser that is not based on Firefox until Mozilla releases an update. The vulnerability allows an attacker to execute code on your Windows workstation. The exploit is in the wild, meaning it’s now public and every hacker has access to it. There is no fix at the time of this alert.

This exploit causes a workstation to report back to an IP address based at OVH in France, but the code can likely be repurposed to infect workstations with malware or ransomware. The exploit code is now public knowledge, so new variants of this attack are likely to emerge.

Currently it exploits Windows systems with a high success rate and affects Firefox versions 41 to 50 and the current version of the Tor Browser Bundle, which contains Firefox 45 ESR.

This is a watering hole attack, meaning that a victim has to visit a website that contains this exploit code to be attacked. WordPress websites are currently being hacked to exploit this vulnerability.

More information about the vulnerability can be found here: https://www.wordfence.com/blog/2016/11/emergency-bulletin-firefox-0-day-wild/