The Indian Computer Emergency Response Team (CERT-In) has issued a critical security warning for users of the Mozilla Firefox web browser. The cybersecurity watchdog has identified a series of vulnerabilities that could expose users' devices to potential hacker attacks.
The advisories, designated CERT-In Vulnerability Notes CIVN-2023-0348 and CIVN-2024-0317, highlight the significant risks to the safety and performance of devices running vulnerable versions of Firefox. CERT-In has warned that attackers could exploit these flaws to take control of affected systems, steal sensitive data, or disrupt normal operations. The vulnerabilities stem from various coding flaws within the browser. Exploitation could occur if users are tricked into visiting specially crafted websites or opening malicious attachments.
Specifically, the vulnerabilities affect:
- Mozilla Firefox ESR: versions before 115.5.0, and versions below 128.3 or 115.16
- Mozilla Firefox for iOS: versions before 120
- Mozilla Firefox: versions before 120, and versions older than 131
- Mozilla Thunderbird: versions before 115.5, and versions prior to 128.3 and 131
CERT-In has outlined several ways in which these vulnerabilities could be exploited:
- Remote Code Execution: Attackers could remotely execute code on a user's system.
- Information Disclosure: Sensitive information could be disclosed to unauthorized parties.
- Security Restriction Bypass: Attackers might bypass security restrictions.
- Denial of Service: Attackers could create conditions that lead to a denial-of-service state, crashing the system.
- Out-of-bounds Memory Access: A flaw in WebGL2 blitFramebuffer could allow attackers to crash browsers or execute arbitrary code.
- Use-after-free Vulnerabilities: Vulnerabilities in MessagePort::Entangled and ReadableByteStreamQueueEntry::Buffer could allow attackers to manipulate device memory and gain unauthorized access.
- Clickjacking: Attackers could use fullscreen transition to trick users.
- Bypassing Security Features: Attackers can bypass built-in security features, making it easier to compromise devices.
- Cross-Origin Vulnerabilities: Harmful sites might breach a browser's security barriers.
To mitigate these risks, CERT-In urges users to take the following actions:
- Update immediately: Update Mozilla products to the latest versions.
- Enable automatic updates: Ensure automatic updates are enabled for timely protection.
- Install security software: Install reputable antivirus and anti-malware software and keep it updated.
- Exercise caution: Be cautious while visiting websites and opening attachments.
By taking these steps, users can significantly reduce their risk of falling victim to these vulnerabilities and protect their systems from potential attacks.
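For administrators acting on the "update immediately" step across many machines, the following added example (not part of the CERT-In advisories or any Mozilla tooling) checks an inventory of installed versions against the version floors quoted in this article. The product keys, the per-branch grouping of the floors, and the sample hosts are assumptions of the example.

```python
import re

# Fixed-version floors copied from the affected ranges quoted in this article.
# Grouping them by major branch (ESR 115.x vs 128.x) is this example's assumption.
FIXED_FLOORS = {
    "firefox": [(131,)],
    "firefox-esr": [(115, 16), (128, 3)],
    "firefox-ios": [(120,)],
    "thunderbird": [(128, 3), (131,)],
}

def parse_version(text):
    """Turn '115.16.0esr' into (115, 16, 0); suffixes such as 'esr' are dropped."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.group().split("."))

def is_affected(product, version_text):
    """True when the version is below the floor that applies to its branch."""
    floors = FIXED_FLOORS[product.lower()]
    version = parse_version(version_text)
    # Use the floor of the matching major branch; a branch the article does not
    # list is held to the highest floor, so stale branches count as affected.
    floor = next((f for f in floors if f[0] == version[0]), max(floors))
    return version < floor

def audit(inventory):
    """Return the (host, product, version) rows that still need an update."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    ("ws-01", "firefox", "130.0.1"),
    ("ws-02", "firefox", "131.0"),
    ("ws-03", "firefox-esr", "115.5.0esr"),
    ("ws-04", "firefox-esr", "115.16.0esr"),
    ("ws-05", "firefox-esr", "128.2.0esr"),
    ("ws-06", "thunderbird", "115.5.0"),
    ("ws-07", "thunderbird", "128.3.0"),
    ("ws-08", "firefox-ios", "119.2"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in an affected range, update it")
```

Pre-release suffixes are ignored by the parser, so beta builds should be checked separately.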
