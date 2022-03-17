NEW DELHI: Indian government cybersecurity agency– The Indian Computer Emergency Response Team (CERT-In)- has issued a high level warning for those using Mozilla Firefox to browse the internet. CERT-In said that several security vulnerabilities have been found in Mozilla products which could be used by hackers to bypass security restrictions, conduct spoofing attacks, execute arbitrary code, obtain sensitive information and cause denial of service attack on the targeted system.

All Mozilla Firefox internet browser versions before the latest Firefox 98 are affected by these security vulnerabilities. Also, Mozilla Firefox ESR versions prior to 91.7 and Mozilla Firefox Thunderbird versions prior to 91.7 are facing similar security vulnerabilities.

CERT-In is warning users to upgrade to Mozilla Firefox version Firefox 98, Firefox ESR 91.7and Thunderbird 91.7 immediately.

“These vulnerabilities exist in Mozilla products due to use-after-free in text reflows and thread shutdown, time-of-check time-ofuse bug when verifying add-on signatures, an error when controlling the contents of an iframe sandboxed with allow-popups but not allow-scripts, memory safety bugs within the browser engine, downloading of temporary files to /tmp and accessible by other local users, side-channel attacks on the text and browser window spoof using full screen mode," CERT-In said in its latest advisory.

Explaining how hackers could exploit the security flaws, CERT-In said, “A remote attacker could exploit these vulnerabilities by convincing a victim to visit a specially crafted link or web site. Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions, conduct spoofing attacks, execute arbitrary code, obtain sensitive information and cause denial of service attack on the targeted system."

