The Indian Computer Emergency Response Team (CERT-In) has cautioned against multiple vulnerabilities in Mozilla Firefox browser that can allow hackers to compromise devices’ security systems.
In its advisory, CERT-In says that the bugs in Mozilla Firefox browser could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system.
“These vulnerabilities exist in Mozilla Firefox due to abuse of XSLT error handling, cross-origin iframe referencing an XSLT document… that results in a use-after-free error and memory safety bugs within the browser engine,” the cyber agency says in its advisory. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially-crafted web request, it further adds.
For the unversed, CERT-In is the country’s cyber agency under the aegis of IT Ministry. It has advised Mozilla Firefox users to update to the latest versions.
CERT-In has also found a vulnerability in open source coding platform Drupal which can allow attackers to bypass security restrictions on the targeted system. “Successful exploitation of this vulnerability could allow an attacker to bypass security restrictions (leak valid payment details and accept invalid payment details) on the targeted system,” it warned.
Earlier this month, CERT-In notified multiple vulnerabilities in Google Chrome that could allow remote attackers to execute arbitrary code and bypass security restrictions on targeted systems. As per the advisory, Google Chrome users running versions prior to Google Chrome 104.0.5112.101 were at the risk.
The agency said that multiple vulnerabilities have been detected in Google Chrome browser “which could allow a remote attacker to execute arbitrary code and security restriction bypass on the targeted system.” “These vulnerabilities exist in Google Chrome due to use after free in FedCM, SwiftShader, ANGLE, Blink, Sign-in Flow, Chrome OS Shell; Heap buffer overflow in downloads, insufficient validation of untrusted input in intents, insufficient policy enforcement in Cookies and inappropriate implementation in extensions API,” it further added.
Download The Mint News App to get Daily Market Updates & Live Business News.
More
Less
