Govt issues urgent warning for Mozilla Firefox users, asks to update browser immediately

The government of India has issued a high-level warning for users who use Mozilla Firefox to browse the internet. CERT-In highlighted that these vulnerabilities could be used by hackers to not only bypass security restrictions, but also conduct spoofing attacks, execute arbitrary code, and obtain sensitive details without users’ consent. Warning for Mozilla Firefox users The security agency revealed that all Mozilla Firefox versions before the latest Firefox 98 update are impacted by these security vulnerabilities. “These vulnerabilities exist in Mozilla products due to use-after-free in-text reflows and thread shutdown, time-of-check time-of-use bug when verifying add-on signatures, an error when controlling the contents of an iframe sandboxed with allow-popups but not allow-scripts, memory safety bugs within the browser engine, downloading of temporary files to /tmp and accessible by other local users, side-channel attacks on the text and browser window spoof using full screen mode,” CERT-In explained in the latest advisory. Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions, conduct spoofing attacks, execute arbitrary code, obtain sensitive information and cause denial of service attack on the targeted system.” CERT-In is asking affected users to immediately upgrade their Mozilla Firefox version to Firefox 98, Firefox ESR 91.7and Thunderbird 91.7.