How to make sure you're using the latest version of LastPass for Firefox

LastPass just patched a major security flaw that allowed an attacker to remotely compromise an account. Here's how to make sure you're not vulnerable.


I’m a big fan of browser-based password managers such as Dashlane and LastPass. But these solutions aren’t perfect, as we recently discovered. Earlier this week, LastPass users got a shock when Google Security Team researcher Tavis Ormandy discovered a critical flaw affecting LastPass 4.0 users on Firefox. The security hole allowed for remote (and complete) compromise of a victim’s account after luring them to a malicious website.

LastPass quickly fixed the security issue, and if you’re on the updated Firefox extension, your account should be safe from this exploit. Here’s how to verify that you’re protected.

Manual updates for add-ons

Open Firefox (these instructions are based on Firefox 47), type about:addons into the address bar, and hit Enter on your keyboard. Next, click on Extensions in the left-hand navigation bar, navigate to the LastPass entry, and click the More link in that section.

Screenshot: LastPass for Firefox.

You should now be on a page that looks similar to what you see above. First, look at the top. If it says LastPass 3.3.1 then look no further. You’re not affected by the exploit. If it says LastPass 4.0, however, you can check to make sure you are on the latest version of the add-on.

Click on the settings cog in the upper right-hand corner and select Check for Updates. This will check for updates for all your Firefox add-ons. If updates are found, they will be downloaded; if not, you already have the latest versions of your browser enhancements.

You can double-check this by clicking on the settings cog again and selecting View Recent Updates. If LastPass was recently updated, it will be listed here.

One last time, click the settings cog and make sure there is a check mark next to Update Add-ons Automatically. There should be one by default, but if not, selecting this setting will make sure your add-ons are always updated to their latest versions.
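
The same three checks (installed version, last update, automatic updates) can be scripted against a copy of a Firefox profile. The Python below is an added example, not code from this article, LastPass or Mozilla. It assumes the profile's extensions.json lists add-ons with `version`, `defaultLocale.name`, `updateDate` and `applyBackgroundUpdates` fields and that the global setting is the `extensions.update.autoUpdateDefault` pref in prefs.js; the function names, the sample data and the `fixed_version` value are constructed placeholders.

```python
import json
import re
from datetime import datetime, timezone

def vtuple(version):
    """Turn '4.1.21a' into (4, 1, 21) for ordering; non-digits are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def auto_update_on(addon, prefs_text):
    """Mirror the 'Update Add-ons Automatically' check mark for one add-on."""
    per_addon = addon.get("applyBackgroundUpdates", 1)  # assumed: 0 off, 1 default, 2 on
    if per_addon != 1:
        return per_addon == 2
    # Assumption: the global pref defaults to true and is only written when changed.
    m = re.search(r'user_pref\("extensions\.update\.autoUpdateDefault",\s*(true|false)\)',
                  prefs_text)
    return m is None or m.group(1) == "true"

def audit_lastpass(extensions_json, prefs_text, fixed_version):
    """Return one finding dict per installed add-on whose name mentions LastPass."""
    findings = []
    for addon in json.loads(extensions_json).get("addons", []):
        name = (addon.get("defaultLocale") or {}).get("name", "")
        if "lastpass" not in name.lower():
            continue
        ver = addon.get("version", "0")
        if vtuple(ver)[:1] < (4,):
            # The article names 3.3.1 as unaffected; treating all of 3.x so is an assumption.
            status = "unaffected (pre-4.0 branch)"
        elif vtuple(ver) >= vtuple(fixed_version):
            status = "patched"
        else:
            status = "UPDATE REQUIRED"
        updated = datetime.fromtimestamp(addon.get("updateDate", 0) / 1000, timezone.utc)
        findings.append({"version": ver, "status": status,
                         "last_updated": updated.date().isoformat(),
                         "auto_update": auto_update_on(addon, prefs_text)})
    return findings

# Constructed sample data; the ids, versions and dates are placeholders.
SAMPLE_EXTENSIONS = json.dumps({"addons": [
    {"id": "lastpass@example.invalid", "version": "4.0.0",
     "defaultLocale": {"name": "LastPass Password Manager"},
     "updateDate": 1467331200000, "applyBackgroundUpdates": 1},
    {"id": "other@example.invalid", "version": "1.2",
     "defaultLocale": {"name": "Some Other Add-on"}, "updateDate": 0}]})
SAMPLE_PREFS = 'user_pref("extensions.update.autoUpdateDefault", false);\n'

if __name__ == "__main__":
    # "4.0.1" stands in for the fixed release; the article does not name it.
    for finding in audit_lastpass(SAMPLE_EXTENSIONS, SAMPLE_PREFS, "4.0.1"):
        print(finding)
```

Pass the fixed version number from the vendor's advisory as `fixed_version`, and read extensions.json and prefs.js from the profile folder being audited.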

Thinking twice about password managers

It’s always tempting when a serious security issue pops up to swear off the software forever. Security flaws suck, but using these tools is a far better option than inventing and remembering passwords on your own. That inevitably leads to password reuse across multiple sites, which can set you up for far worse problems than a security flaw that was patched quickly.

You should also be sure to enable two-factor authentication with your LastPass account. It’s not clear if that would’ve helped in this case, but in general it’s a good security practice that makes it much harder for an attacker to take control of your account.
