Government has issued an urgent warning to Mozilla Firefox users, advising them to upgrade their browsers immediately
The Indian government has issued a high-level warning to internet users who use Mozilla Firefox. According to the most recent bulletin from the Indian Computer Emergency Response Team (CERT-In), various security vulnerabilities in Mozilla products have been uncovered.
According to CERT-In, these vulnerabilities might be used by hackers to not only sidestep security constraints, but also to perform spoofing attacks, execute arbitrary code, and access sensitive information without the agreement of users.
These flaws exist in Mozilla products as a result of use-after-free in-text reflows and thread shutdown, a time-of-check time-of-use bug when trying to verify add-on signatures, an error when seeking to control the contents of an iframe sandboxed with allow-popups but not allow-scripts, memory safety bugs within the search engine, downloading of temporary files to /tmp and accessible to other local users, side-channel attacks on the text, window spoof using full-screen mode, CERT-In explained in the latest advisory.
In an official release, CERT-In explained how hackers may exploit the security issues, saying, “A remote attacker could exploit these vulnerabilities by luring a victim to visit a specially designed link or website.” A remote attacker that successfully exploits these vulnerabilities may be able to circumvent security constraints, conduct spoofing attacks, execute arbitrary code, access sensitive information, and launch a denial of service attack on the targeted machine.
CERT-In advises impacted users to upgrade their Mozilla Firefox versions to Firefox 98, Firefox ESR 91.7, and Thunderbird 91.7 as soon as possible.