Government issues advisory for Mozilla Firefox users: Details

In its latest advisory, the Indian Computer Emergency Response Team (CERT-In) is warning against multiple vulnerabilities in Mozilla Firefox browser. The vulnerability, the agency says, can be exploited by attackers to persuade victims to visit a specially crafted website. In its advisory, CERT-In has advised users to update Mozilla Firefox to version 105 and Mozilla Firefox ESR to version 102.3.

CERT-In is the national cyber agency that works under the aegis of the Ministry of Electronics and Information Technology. It is the nodal agency to deal with cyber security threats.

What does the advisory say?

The cyber agency says that multiple Vulnerabilities exist in Mozilla Firefox which could be exploited by a remote attacker to bypass security restriction, execute arbitrary code and disclose sensitive information on the targeted system.

“These vulnerabilities exist in Mozilla Firefox due to Memory safety bugs within the browser engine, Bypass of FeaturePolicy restrictions on transient pages, Data-race while parsing non-UTF-8 URLs in threads, Bypass of Secure Context restriction for cookies_Host and _Secure prefix, Stack-buffer overflow while initializing Graphics, Content-Security-Policy base-uri bypass and Incoherent instruction cache while building WAS on ARM64,” it states.

Which software is affected?

In its advisory, CERT-In says that Mozilla Firefox versions prior to 105 and Mozilla Firefox ESR versions prior to 102.3 are impacted by these vulnerabilities.

What should users do?

Mozilla Firefox users are advised to update to the latest version of the browser, version 105. Mozilla Firefox ESR version should also be upgraded to 102.3 in case the device is running old versions.

Earlier this month, the Indian Computer Emergency Response Team cautioned against multiple vulnerabilities in Mozilla Firefox browser that can allow hackers to compromise devices’ security systems. The advisory said that the bugs in Mozilla Firefox browser could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system.

Catch all the Technology News and Updates on Live Mint.
Download The Mint News App to get Daily Market Updates & Live Business News.

More
Less

Subscribe to Mint Newsletters

* Enter a valid email

* Thank you for subscribing to our newsletter.

Post your comment

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.