Computer users who have not upgraded to the latest version of Mozilla Corp.’s Firefox browser may now have an extra incentive to do so, thanks to a hacker going by the name of Aviv Raff.On Sunday, Raff published sample code that could be used to take over the computers of Firefox users running version 1.0.4 or earlier of the browser. The exploit takes advantage of a known bug in the way that Firefox processes the popular Javascript Web programming language.“I think it’s been enough time for people to upgrade from v1.0.4. of Firefox. So, here is the PoC [proof of concept] exploit for the … vulnerability,” he wrote on his blog.The bug was fixed in Mozilla version 1.0.5, which was released last July, and has also been fixed in version 1.7.9 of the Mozilla Suite, said Mike Schroepfer, vice president of engineering with Mozilla Corp. “As long as users keep updated to the latest version, they’re, in general, very safe.” In some ways, this latest exploit is similar to highly publicized attack code that has been circulating for Microsoft Corp.’s Internet Explorer (IE) browser, said Russ Cooper, editor of the NTBugtraq newslist and a scientist with security vendor Cybertrust Inc. “It can install and run code of the attacker’s choice if a victim visits a malicious Web site,” he said in an interview via instant message.Users who are not already in the habit of frequently updating their browsers should change their ways, because browsers are “historically broken,” Cooper said. “That means they have vulnerabilities regularly,” he added. “You should keep them updated within 30 days of patches being made available, regardless of what the patch is for.” The IE code, which was published in November, takes advantage of a Javascript problem that has not yet been patched.Many security experts expect Microsoft to patch its Javascript bug on Tuesday, but the Redmond, Washington, software giant has not confirmed that this will be the case.By Robert McMillan – IDG News Service (San Francisco Bureau) Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe