Mozilla Firefox users beware, your device is at high risk and here is how you can fix it

The Indian Computer Emergency Response Team has alerted Mozilla users about serious vulnerabilities that threaten device security. The government has asked these users to immediately update their software to mitigate risks posed by these flaws.

by · India Today

In Short

  • CERT-In issues high risk warning for Mozilla Firefox
  • The warning is for both mobile and web users
  • Users are asked to immediately update their web browser to protect their system

The Indian Computer Emergency Response Team (CERT-In) has released a new risk warning for internet users, this time for those using Mozilla Firefox. In its latest security note, the government has highlighted serious vulnerabilities in Mozilla Firefox and related products, and it is urging users to take immediate action to secure their devices. According to the security note, the critical vulnerabilities in Mozilla's browser pose a significant threat and, if exploited, could allow remote attackers to compromise targeted systems.

CERT-In’s advisory note CIVN-2024-0317 highlights these vulnerabilities found in various Mozilla products, including Firefox, Firefox ESR, and Thunderbird. These vulnerabilities are present in Mozilla Firefox versions prior to 131, Firefox ESR (Extended Support Release) versions prior to 128.3 and 115.16, and Thunderbird versions prior to 128.3 and 131.

Software affected

The vulnerabilities affect several widely-used Mozilla products both on mobile and PC. If you are using any of the following software versions, you are at risk:

Mozilla Firefox: Versions prior to 131.
Mozilla Firefox ESR: Versions prior to 128.3 and 115.16.
Mozilla Thunderbird: Versions prior to 128.3 and 131.

According to the advisory, attackers could exploit these vulnerabilities in Mozilla Firefox and Thunderbird through several techniques, including:

– Bypassing security features like site isolation through compromised content processes.

– Carrying out cross-origin attacks, in which malicious websites bypass normal security restrictions.

– Hiding the true nature of downloaded files using specially crafted filenames, leading to potential malicious downloads.

– Uploading directories through clickjacking, a technique used to trick users into interacting with malicious interfaces.

– Triggering denial-of-service (DoS) attacks using specially crafted WebTransport requests.

– Exploiting memory safety bugs that allow arbitrary code execution, giving attackers control over the system.

To protect themselves from these critical vulnerabilities, the government has urged users to update their software with the latest versions provided by Mozilla. Mozilla has also issued several advisories, each containing fixes for the specific vulnerabilities uncovered. By applying these updates, users can ensure their systems are secured against these known threats.

For users unsure whether they are running the latest version:
– Open the Mozilla Firefox or Thunderbird menu.
– Navigate to “Help”.
– Click on “About Firefox” or “About Thunderbird.”
– Check for any updates and install them automatically.
– If an update is available, a pop-up window will appear with a button to install it.
– After updating, Firefox will display a green checkmark and a message that it is up to date.
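
For administrators who need to check many machines rather than one "About" dialog, the version thresholds listed under "Software affected" can be applied to an inventory. The following is an added example, not code from CERT-In, Mozilla or the article; the host names and inventory rows are constructed, and it assumes each fixed release applies to its own release branch (for example, ESR 115.x is compared against 115.16).

```python
import re

# Fixed releases per product, taken from the version list in the article.
FIXED = {
    "firefox": [(131,)],
    "firefox-esr": [(115, 16), (128, 3)],
    "thunderbird": [(128, 3), (131,)],
}


def parse_version(text):
    """Return the first dotted number in text as a tuple, e.g. '128.2.0esr' -> (128, 2, 0)."""
    match = re.search(r"\d+(?:\.\d+)*", text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def is_affected(product, version_text):
    """True if the version predates the fix that applies to its release branch."""
    version = parse_version(version_text)
    fixed = FIXED[product]
    # Assumption: a fix listed for the same major version covers that branch
    # (ESR 115.x is judged against 115.16, not against 128.3).
    for release in fixed:
        if release[0] == version[0]:
            return version < release
    # No fix listed for this branch: only builds at or past the newest fixed release are clear.
    return version < max(fixed)


def audit(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory if is_affected(row[1], row[2])]


# Constructed inventory rows (hypothetical hosts), not data from the advisory.
SAMPLE_INVENTORY = [
    ("ws-01", "firefox", "130.0.1"),
    ("ws-02", "firefox", "131.0"),
    ("ws-03", "firefox-esr", "115.15.0esr"),
    ("ws-04", "firefox-esr", "115.16.0esr"),
    ("ws-05", "firefox-esr", "128.2.0esr"),
    ("ws-06", "thunderbird", "128.3.0"),
    ("ws-07", "thunderbird", "129.0"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is older than the fixed release, update it")
```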