Home / Technology / News /  Government issues advisory for Mozilla Firefox users: Details

In its latest advisory, the Indian Computer Emergency Response Team (CERT-In) is warning against multiple vulnerabilities in Mozilla Firefox browser. The vulnerability, the agency says, can be exploited by attackers to persuade victims to visit a specially crafted website. In its advisory, CERT-In has advised users to update Mozilla Firefox to version 105 and Mozilla Firefox ESR to version 102.3.

CERT-In is the national cyber agency that works under the aegis of the Ministry of Electronics and Information Technology. It is the nodal agency to deal with cyber security threats.

What does the advisory say?

The cyber agency says that multiple Vulnerabilities exist in Mozilla Firefox which could be exploited by a remote attacker to bypass security restriction, execute arbitrary code and disclose sensitive information on the targeted system.

“These vulnerabilities exist in Mozilla Firefox due to Memory safety bugs within the browser engine, Bypass of FeaturePolicy restrictions on transient pages, Data-race while parsing non-UTF-8 URLs in threads, Bypass of Secure Context restriction for cookies_Host and _Secure prefix, Stack-buffer overflow while initializing Graphics, Content-Security-Policy base-uri bypass and Incoherent instruction cache while building WAS on ARM64," it states.

Which software is affected?

In its advisory, CERT-In says that Mozilla Firefox versions prior to 105 and Mozilla Firefox ESR versions prior to 102.3 are impacted by these vulnerabilities.

What should users do?

Mozilla Firefox users are advised to update to the latest version of the browser, version 105. Mozilla Firefox ESR version should also be upgraded to 102.3 in case the device is running old versions.

Earlier this month, the Indian Computer Emergency Response Team cautioned against multiple vulnerabilities in Mozilla Firefox browser that can allow hackers to compromise devices' security systems. The advisory said that the bugs in Mozilla Firefox browser could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system.

Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
More Less

Recommended For You

Trending Stocks

Get alerts on WhatsApp
Set Preferences My ReadsWatchlistFeedbackRedeem a Gift CardLogout