Mozilla Firefox ‘high' severity threat flagged by CERT-In; check details, solution

India’s national cyber agency Computer Emergency Response Team (CERT-In) has flagged multiple vulnerabilities in Mozilla Firefox products in its latest security alert issued on Monday (August 29). 

CERT-In has categorised it as a ‘High Severity’ warning. The software affected are Mozilla Firefox Thunderbird versions prior to 91.13 & 102.2, Mozilla Firefox ESR versions prior to 91.13 and 102.2 and Mozilla Firefox versions prior to 104.  

As per the national agency, "multiple vulnerabilities have been reported in Mozilla products" which can allow hackers to remotely attack a system and bypass security restrictions. A remotely based attacker can then cause a denial of service (Dos) attack on the infected system. 

"These vulnerabilities exist in Mozilla Firefox due to abuse of XSLT error handling, cross origin iframe referencing an XSLT document, data race in the PK11_ChangePW function that results in a use-after-free error and memory safety bugs within the browser engine,"

It added that these vulnerabilities can be exploited by coaxing a victim into opening a "specially crafted web request".

Solution

The agency mentions that users who may be at risk should upgrade to Mozilla Firefox Thunderbird versions 91.13 and 102.2, Firefox ESR versions 91.13 and 102.2 and Mozilla Firefox version 104.

READ | Call data of 20 million Vodafone Idea postpaid customers exposed, says research firm