Indian Computer Emergency Response Team (CERT-In) has issued a critical warning regarding multiple vulnerabilities in Mozilla Firefox and other Mozilla products. These security flaws could allow attackers to execute arbitrary code on targeted systems, posing significant risks to users of Mozilla Firefox, Firefox ESR, and Thunderbird.
Softwares affected
The government has highlighted that various Mozilla products, including Firefox versions prior to 131 and Thunderbird versions prior to 128.3, are vulnerable. CERT-In has classified the severity of these vulnerabilities as critical, urging users to take immediate action.
What the government has said
The vulnerabilities involve various attack methods that could lead to serious breaches, such as remote code execution, memory corruption, and denial of service.
These issues arise from several factors, including flaws in site isolation, memory management, and potential exploits through specially crafted web requests. Some vulnerabilities involve malicious techniques such as clickjacking, bypassing security checks, and exploiting bugs in Firefox's just-in-time (JIT) compilation process. This makes the browser and other Mozilla products susceptible to malicious actors who could trick users into executing harmful commands through carefully constructed web pages or files.
What users can do
To mitigate the risks, CERT-In advises users to update their Mozilla software to the latest available versions. Mozilla has already released patches for the affected products, and users are strongly recommended to apply these updates as soon as possible.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
