Users of Mozilla products have received an urgent warning from the Indian Computer Emergency Response Team (CERT-In) about a number of significant vulnerabilities that could expose their devices to hacker attacks. These flaws, which are collectively covered by CERT-In Vulnerability Note CIVN-2023-0348, seriously jeopardize the affected devices’ functionality and safety.
Details of the government's serious security alert for Mozilla Firefox, which asks users to update their browsers right now
According to the CERT-In security notice, the vulnerabilities are caused by a variety of coding errors that could give hackers access to devices, enable them to steal confidential information, or interfere with regular operations.
Among the vulnerabilities found are:
- WebGL2 blitFramebuffer out-of-bound memory access vulnerability: This weakness could let attackers run arbitrary code or crash impacted browsers.
- Use-after-free vulnerabilities in MessagePort::Entangled and ReadableByteStreamQueueEntry::Buffer: Attackers may be able to alter memory and perhaps obtain unauthorized access to private data as a result of these vulnerabilities.
- Clickjacking of permission prompts using the fullscreen transition: Because of this vulnerability, unscrupulous websites may be able to fool users into giving them permission to view private data or into taking actions against their will.
- Copying contents from the Selection API into the X11 primary selection: Attackers may be able to obtain private data that has been copied to the clipboard thanks to this vulnerability.
- Inaccurate parsing of relative URLs beginning with “///”: This weakness can let attackers trick users into visiting dangerous websites or get around security protections.
- Clickjacking to load insecure pages in HTTPS-only mode: Attackers may be able to load malicious material on websites and get around HTTPS protection thanks to this flaw.
- Memory safety bugs: These flaws could give attackers the ability to run arbitrary code or cause affected browsers to crash.
- Elevation of privilege through
- HTML injection in %READER-BYLINE% in ReaderMode: Because of this bug, harmful code could be injected into the browser’s ReaderMode by attackers, possibly jeopardizing user security.