Government issues advisory for Mozilla Firefox users: Details

In its latest advisory, the Indian Computer Emergency Response Team (CERT-In) is warning against multiple vulnerabilities in the Mozilla Firefox browser. The vulnerabilities, the agency says, can be exploited by attackers who persuade victims to visit a specially crafted website. CERT-In has advised users to update Mozilla Firefox to version 105 and Mozilla Firefox ESR to version 102.3.

CERT-In is the national cyber agency that works under the aegis of the Ministry of Electronics and Information Technology. It is the nodal agency to deal with cyber security threats.

What does the advisory say?

The cyber agency says that multiple vulnerabilities exist in Mozilla Firefox which could be exploited by a remote attacker to bypass security restrictions, execute arbitrary code and disclose sensitive information on the targeted system.

“These vulnerabilities exist in Mozilla Firefox due to Memory safety bugs within the browser engine, Bypass of FeaturePolicy restrictions on transient pages, Data-race while parsing non-UTF-8 URLs in threads, Bypass of Secure Context restriction for cookies with __Host and __Secure prefix, Stack-buffer overflow while initializing Graphics, Content-Security-Policy base-uri bypass and Incoherent instruction cache while building WASM on ARM64,” it states.

Which software is affected?

In its advisory, CERT-In says that Mozilla Firefox versions prior to 105 and Mozilla Firefox ESR versions prior to 102.3 are impacted by these vulnerabilities.

What should users do?

Mozilla Firefox users are advised to update to the latest version of the browser, version 105. Mozilla Firefox ESR should also be upgraded to version 102.3 if the device is running an older version.

Earlier this month, the Indian Computer Emergency Response Team cautioned against multiple vulnerabilities in the Mozilla Firefox browser that can allow hackers to compromise devices’ security systems. The advisory said that the bugs in the Mozilla Firefox browser could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause a denial-of-service attack on the targeted system.
