Mozilla Firefox users beware, your device is at high risk and here’s how you can fix it
The Indian Computer Emergency Response Team has alerted Mozilla users about serious vulnerabilities that jeopardize device security. The government has asked these users to immediately update their software to mitigate the risks posed by these flaws.
The Indian Computer Emergency Response Team (CERT-In) has issued a new risk alert for Mozilla Firefox users. In its latest security note, the government has highlighted serious vulnerabilities in Mozilla Firefox and related products, and it is urging users to take immediate action to secure their devices. According to the security note, the critical vulnerabilities in Mozilla’s browser pose a significant threat and, if exploited, could allow remote attackers to compromise a targeted system.
CERT-In’s advisory note CIVN-2024-0317 highlights these vulnerabilities found in various Mozilla products, including Firefox, Firefox ESR, and Thunderbird. These vulnerabilities exist in Mozilla Firefox versions before 131, Firefox ESR (Extended Support Release) versions before 128.3 and 115.16, and Thunderbird versions before 128.3 and 131.
Software affected
These vulnerabilities affect many widely used Mozilla products on both mobile and PC. If you are using any of the following software versions, you are at risk:
– Mozilla Firefox: Versions before 131.
– Mozilla Firefox ESR: Versions before 128.3 and 115.16.
– Mozilla Thunderbird: Versions before 128.3 and 131.
According to the advisory, attackers can exploit these vulnerabilities in Mozilla Firefox and Thunderbird through multiple techniques, including:
– Bypassing security features such as site isolation through compromised content processes.
– Launching cross-origin attacks, allowing malicious websites to bypass normal security restrictions.
– Disguising the true nature of downloaded files by using specially crafted file names, which can lead to potentially malicious downloads.
– Uploading to directories via clickjacking, a technique used to trick users into interacting with malicious interfaces.
– Triggering denial of service (DoS) attacks using specially crafted WebTransport requests.
– Exploiting memory protection bugs that allow arbitrary code execution, giving attackers control over the system.
To protect themselves from these serious vulnerabilities, the government has urged users to update their software with the latest versions provided by Mozilla. Mozilla has also issued several advisories, each of which contains solutions to the specific vulnerabilities exposed. By applying these updates, users can ensure that their system is protected from these known threats.
For users who are unsure whether they are running the latest version:
– Open the Mozilla Firefox or Thunderbird menu.
– Navigate to “Help”.
– Click “About Firefox” or “About Thunderbird.”
– Check for any updates and install them automatically.
– If an update is available, a pop-up window will appear with a button to install it.
– After updating, Firefox will display a green checkmark and a message that it is up to date.
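For checking several machines at once rather than one About dialog at a time, the version thresholds from the advisory can be applied to collected version strings. The Python below is an added example, not code from CERT-In or Mozilla. It assumes the strings look like the output of `firefox --version` or `thunderbird --version` with ESR builds carrying an `esr` suffix, reads the paired ESR and Thunderbird thresholds as per-branch fix versions, and runs on a constructed inventory with hypothetical host names.

```python
import re

# Fixed versions as listed in the article (CERT-In CIVN-2024-0317).
FIREFOX_FIXED = (131, 0)
# Assumption: one threshold per ESR branch; other ESR majors are compared to 128.3.
ESR_FIXED = {115: (115, 16), 128: (128, 3)}
# Assumption: 128.3 applies to the Thunderbird 128.x branch; all others need 131.
THUNDERBIRD_FIXED = {128: (128, 3)}
THUNDERBIRD_DEFAULT = (131, 0)

# Assumed input shape: "Mozilla Firefox 115.15.0esr", "Mozilla Thunderbird 128.2.3"
VERSION_RE = re.compile(r"(Firefox|Thunderbird)\s+(\d+)(?:\.(\d+))?(?:\.\d+)*(esr)?", re.I)

def classify(text):
    """Return (product, 'major.minor', status) for one version string."""
    m = VERSION_RE.search(text)
    if not m:
        return ("unknown", None, "unparsed")
    product = m.group(1).lower()
    ver = (int(m.group(2)), int(m.group(3) or 0))
    if product == "firefox" and m.group(4):
        product = "firefox-esr"
        fixed = ESR_FIXED.get(ver[0], (128, 3))
    elif product == "firefox":
        fixed = FIREFOX_FIXED
    else:
        fixed = THUNDERBIRD_FIXED.get(ver[0], THUNDERBIRD_DEFAULT)
    status = "vulnerable" if ver < fixed else "patched"
    return (product, "%d.%d" % ver, status)

def audit(inventory):
    """Return rows that need attention: vulnerable or unparseable entries."""
    findings = []
    for row in inventory.strip().splitlines():
        host, _, rest = row.partition(" ")
        product, version, status = classify(rest)
        if status != "patched":
            findings.append((host, product, version, status))
    return findings

# Constructed sample inventory: "<host> <version string>" (host names are hypothetical).
INVENTORY = """\
ws-01 Mozilla Firefox 130.0.1
srv-02 Mozilla Firefox 115.15.0esr
srv-03 Mozilla Firefox 115.16.0esr
ws-04 Mozilla Firefox 128.2.0esr
ws-05 Mozilla Thunderbird 128.3.0
ws-06 (not installed)
"""
if __name__ == "__main__":
    print(*audit(INVENTORY), sep="\n")
```

Entries that cannot be parsed are reported alongside vulnerable ones, so a host with a missing or unexpected version string is not silently counted as patched.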