Govt issues urgent warning for Mozilla Firefox users, asks to update browser immediately

The Indian Computer Emergency Response Team (CERT-In) said that several security vulnerabilities have been discovered in Mozilla products. Check out the details here.

The government of India has issued a high-level warning for users who use Mozilla Firefox to browse the internet. In the latest update, the Indian Computer Emergency Response Team (CERT-In) said that several security vulnerabilities have been discovered in Mozilla products.

CERT-In highlighted that these vulnerabilities could be used by hackers to not only bypass security restrictions, but also conduct spoofing attacks, execute arbitrary code, and obtain sensitive details without users’ consent.

The security agency revealed that all Mozilla Firefox versions before the latest Firefox 98 update are impacted by these security vulnerabilities. In addition, Mozilla Firefox ESR versions before 91.7 and Mozilla Firefox Thunderbird versions prior to 91.7 are also facing similar security vulnerabilities.

“These vulnerabilities exist in Mozilla products due to use-after-free in-text reflows and thread shutdown, time-of-check time-of-use bug when verifying add-on signatures, an error when controlling the contents of an iframe sandboxed with allow-popups but not allow-scripts, memory safety bugs within the browser engine, downloading of temporary files to /tmp and accessible by other local users, side-channel attacks on the text and browser window spoof using full screen mode,” CERT-In explained in the latest advisory.

Further explaining how hackers could exploit the security flaws, CERT-In said in an official statement, “A remote attacker could exploit these vulnerabilities by convincing a victim to visit a specially crafted link or web site. Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions, conduct spoofing attacks, execute arbitrary code, obtain sensitive information and cause denial of service attack on the targeted system.”

CERT-In is asking affected users to immediately upgrade their Mozilla Firefox version to Firefox 98, Firefox ESR 91.7and Thunderbird 91.7. To upgrade to the latest version, follow the mentioned steps:

--To start with, click the menu button on the right side of the Firefox toolbar.