CERT-In warns Mozilla Firefox users of hacking threat

The Indian Computer Emergency Response Team (CERT-In) has warned Mozilla Firefox users about multiple vulnerabilities reported in Mozilla products. According to the information provided by CERT-In, the vulnerabilities reported in Mozilla products could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system. “Multiple vulnerabilities have been reported in Mozilla products which could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system,” the organisation said.

The agency further informed that these vulnerabilities exists in Mozilla Firefox due to abuse of XSLT error handling, cross-origin iframe referencing an XSLT document, data race in the PK11_ChangePW function that results in a use-after-free error and memory safety bugs within the browser engine. The remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.

“Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attacks on the targeted system,” it said.

Giving a solution, CERT-In further said to upgrade to Mozilla Firefox Thunderbird versions 91.13 and 102.2, Firefox ESR versions 91.13 and 102.2, and Mozilla Firefox version 104.

It can be known that CERT-In comes under the IT Ministry. According to a report by IANS, CERT-In also found a vulnerability in open source coding platform Drupal which could allow an attacker to bypass security restrictions on the targeted system.

Last week, the cyber agency had warned users about multiple vulnerabilities in Google Chrome for desktop that could let threat actors gain access to their computers.