Bug fixes this week | Vulnerabilities in Microsoft, Mozilla, Zoho, and Cisco products fixed

Multiple security bugs were detected in Microsoft Edge, Mozilla Firefox, Zoho magazine engine, and Cisco products by CERT-In 

Multiple high-severity vulnerabilities were reported in Microsoft’s Edge (Chromium-based) which could be exploited by cybercriminals to gain elevated privileges and execute arbitrary code on targeted systems. Attackers could exploit these vulnerabilities by sending specially crafted requests to targeted systems.

The vulnerabilities in Microsoft Edge were found to exist due to improper implementation of permission prompts, fullscreen API and inframe sandbox, a heap buffer overflow in network service, and use after free in cart.

Microsoft released updates fixing these security bugs on January 12, asking users to update their software to avoid their exploitation.

(For insights on emerging themes at the intersection of technology, business, and policy, subscribe to our tech newsletter Today’s Cache.)

High-severity security bugs were detected in Mozilla Firefox versions, which could be exploited by remote attackers to perform attacks, bypass security restrictions, access sensitive information, and execute arbitrary code on targeted systems.

The security bugs could be exploited by remote cyber attackers by persuading victims to visit a specially crafted website, and exist due to logic errors in process allocation, arbitrary file read on Linux, improper input validation while copying a network request from the developer tools panel, errors in the way an origin notification is handled between normal and private browsing and incorrect processing of content security calls.

Bugs were also found to exist due to a boundary error while processing HTML content, and suppression of full-screen notifications.