How to make sure you're using the latest version of LastPass for Firefox

How to make sure you're using the latest version of LastPass for Firefox
mozilla firefox primaryImage: IDG

I’m a big fan of browser-based password managers such as Dashlane and LastPass. But these solutions aren’t perfect as we recently discovered. Earlier this week, LastPass users got a shock when Google Security Team researcher Tavis Ormandy discovered a critical flaw affecting LastPass 4.0 users on Firefox. The security hole allowed for remote (and complete) compromise of a victim’s account after luring them to a malicious website.

LastPass quickly fixed the security issue, and if you’re on the updated Firefox extension your account should be safe from this exploit. Here’s how to verify that you’re protected.

Manual updates for add-ons

Open Firefox (these instructions are based on Firefox 47), type about:addons into the address bar, and hit Enter on your keyboard. Next, click on Extensions in the left-hand navigation bar, navigate to the LastPass entry, and click the More link in that section.

lastpassfirefox

LastPass for Firefox.

You should now be on a page that looks similar to what you see above. First, look at the top. If it says LastPass 3.3.1 then look no further. You’re not affected by the exploit. If it says LastPass 4.0, however, you can check to make sure you are on the latest version of the add-on.

Click on the settings cog in the upper right-hand corner and select Check for Updates. This will check for updates for all your Firefox add-ons. If updates are found they will be downloaded, if not then you already have the latest versions of your browser enhancements. 

You can double-check this by clicking on the settings cog again and selecting View Recent Updates. If LastPass was recently updated it will be listed here. 

One last time, click the settings cog and make sure there is a check mark next to Update Add-ons Automatically. There should be one by default, but if not, selecting this setting will make sure your add-ons are always updated to their latest versions.

Thinking twice about password managers

It’s always tempting when a serious security issue pops up to swear off the software forever. Security flaws suck, but using these tools is a far better option than inventing and remembering passwords on your own. That inevitably leads to password reuse across multiple sites, which can set you up for far worse problems than a security flaw that was patched quickly.

You should also be sure to enable two-factor authentication with your LastPass account. It’s not clear if that would’ve helped in this case, but in general it’s a good security practice that makes it much harder for an attacker to take control of your account.

admin

Related post

The WordPress vs. WP Engine drama, explained

The WordPress vs. WP Engine drama, explained

New AI experiences enter Windows 11's Paint, Notepad

New AI experiences enter Windows 11's Paint, Notepad

Block scales back TIDAL investment and shutters TBD in favor of Bitcoin mining

Block scales back TIDAL investment and shutters TBD in favor of Bitcoin mining

AMD Ryzen 7 9800X3D review: New gaming titan obliterates Intel's best

AMD Ryzen 7 9800X3D review: New gaming titan obliterates Intel's best

Samsung's incredible 990 Pro SSD is a no-brainer when it's 40% off

Samsung's incredible 990 Pro SSD is a no-brainer when it's 40% off

How to make Windows search use Google instead of Bing

How to make Windows search use Google instead of Bing

Leave a Reply

Your email address will not be published. Required fields are marked *