The government of India has issued a high-level warning for users who use Mozilla Firefox to browse the internet. According to the latest update from the Indian Computer Emergency Response Team (CERT-In), many security vulnerabilities in Mozilla products have been uncovered.
Hackers could exploit these flaws to not only overcome security constraints, but also to conduct spoofing attacks, run arbitrary code, and collect sensitive information without users’ knowledge, according to CERT-In.
These security flaws affect all Mozilla Firefox versions prior to the recent Firefox 98 release, according to the agency. Additionally, Mozilla Firefox ESR versions prior to 91.7 and Mozilla Thunderbird versions prior to 91.7 are vulnerable to the same security flaws.
“These vulnerabilities exist in Mozilla products due to use-after-free in text reflows and thread shutdown, time-of-check time-of-use bug when verifying add-on signatures, an error when controlling the contents of an iframe sandboxed with allow-popups but not allow-scripts, memory safety bugs within the browser engine, downloading of temporary files to /tmp and accessible by other local users, side-channel attacks on the text and browser window spoof using full-screen mode,” CERT-In explained in the latest advisory.
Further explaining how hackers could exploit the security flaws, CERT-In said in an official statement, “A remote attacker could exploit these vulnerabilities by convincing a victim to visit a specially crafted link or website. Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions, conduct spoofing attacks, execute arbitrary code, obtain sensitive information and cause denial of service attack on the targeted system.”
Affected users should upgrade to Mozilla Firefox 98, Firefox ESR 91.7, or Thunderbird 91.7 as soon as possible, according to CERT-In.