The Indian Computer Emergency Response Team (CERT-In) has published a vulnerability note on its website advising users of Mozilla products to upgrade to protect themselves from threat actors. The government's nodal agency for cyber security threats has given these vulnerabilities a “HIGH” severity rating.
Multiple vulnerabilities were identified in Mozilla products, including Firefox iOS versions prior to 101, Firefox Thunderbird versions prior to 91.10, Firefox ESR versions prior to 91.10 and Firefox versions prior to 101.
In its overview, CERT-In wrote that these vulnerabilities could “allow a remote attacker to disclose sensitive information, bypass security restrictions, execute arbitrary code, perform spoofing attacks and cause denial of service (DoS) attack on the targeted system.”
These vulnerabilities exist due to SQL injection in the history tab, leakage of cross-origin resource lengths, a heap buffer overflow in WebGL, attacker-influenced path traversal when saving downloaded files, and more.
All users of Mozilla products are advised to upgrade to Mozilla Firefox iOS 101, Firefox Thunderbird 91.10, Firefox ESR 91.10, and Firefox 101.