Government issues advisory for Mozilla Firefox users: Details1 min read . 02:30 PM IST
- CERT-In says that Mozilla Firefox versions prior to 105 and Mozilla Firefox ESR versions prior to 102.3 are impacted by these vulnerabilities.
In its latest advisory, the Indian Computer Emergency Response Team (CERT-In) is warning against multiple vulnerabilities in Mozilla Firefox browser. The vulnerability, the agency says, can be exploited by attackers to persuade victims to visit a specially crafted website. In its advisory, CERT-In has advised users to update Mozilla Firefox to version 105 and Mozilla Firefox ESR to version 102.3.
In its latest advisory, the Indian Computer Emergency Response Team (CERT-In) is warning against multiple vulnerabilities in Mozilla Firefox browser. The vulnerability, the agency says, can be exploited by attackers to persuade victims to visit a specially crafted website. In its advisory, CERT-In has advised users to update Mozilla Firefox to version 105 and Mozilla Firefox ESR to version 102.3.
CERT-In is the national cyber agency that works under the aegis of the Ministry of Electronics and Information Technology. It is the nodal agency to deal with cyber security threats.
CERT-In is the national cyber agency that works under the aegis of the Ministry of Electronics and Information Technology. It is the nodal agency to deal with cyber security threats.
What does the advisory say?
What does the advisory say?
The cyber agency says that multiple Vulnerabilities exist in Mozilla Firefox which could be exploited by a remote attacker to bypass security restriction, execute arbitrary code and disclose sensitive information on the targeted system.
The cyber agency says that multiple Vulnerabilities exist in Mozilla Firefox which could be exploited by a remote attacker to bypass security restriction, execute arbitrary code and disclose sensitive information on the targeted system.
“These vulnerabilities exist in Mozilla Firefox due to Memory safety bugs within the browser engine, Bypass of FeaturePolicy restrictions on transient pages, Data-race while parsing non-UTF-8 URLs in threads, Bypass of Secure Context restriction for cookies_Host and _Secure prefix, Stack-buffer overflow while initializing Graphics, Content-Security-Policy base-uri bypass and Incoherent instruction cache while building WAS on ARM64," it states.
“These vulnerabilities exist in Mozilla Firefox due to Memory safety bugs within the browser engine, Bypass of FeaturePolicy restrictions on transient pages, Data-race while parsing non-UTF-8 URLs in threads, Bypass of Secure Context restriction for cookies_Host and _Secure prefix, Stack-buffer overflow while initializing Graphics, Content-Security-Policy base-uri bypass and Incoherent instruction cache while building WAS on ARM64," it states.
Which software is affected?
Which software is affected?
In its advisory, CERT-In says that Mozilla Firefox versions prior to 105 and Mozilla Firefox ESR versions prior to 102.3 are impacted by these vulnerabilities.
In its advisory, CERT-In says that Mozilla Firefox versions prior to 105 and Mozilla Firefox ESR versions prior to 102.3 are impacted by these vulnerabilities.
What should users do?
What should users do?
Mozilla Firefox users are advised to update to the latest version of the browser, version 105. Mozilla Firefox ESR version should also be upgraded to 102.3 in case the device is running old versions.
Mozilla Firefox users are advised to update to the latest version of the browser, version 105. Mozilla Firefox ESR version should also be upgraded to 102.3 in case the device is running old versions.
Earlier this month, the Indian Computer Emergency Response Team cautioned against multiple vulnerabilities in Mozilla Firefox browser that can allow hackers to compromise devices' security systems. The advisory said that the bugs in Mozilla Firefox browser could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system.
Earlier this month, the Indian Computer Emergency Response Team cautioned against multiple vulnerabilities in Mozilla Firefox browser that can allow hackers to compromise devices' security systems. The advisory said that the bugs in Mozilla Firefox browser could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system.