India's cyber agency now warns about bugs in Mozilla Firefox browser


New Delhi, Aug 31 (IANS): After warning users about bugs in Google Chrome for desktop, the Indian Computer Emergency Response Team (CERT-In) has now cautioned against multiple vulnerabilities in Mozilla Firefox products that can let hackers compromise devices and systems.

The bugs in Mozilla Firefox browser could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system, CERT-In said in its latest advisory.

"These vulnerabilities exist in Mozilla Firefox due to abuse of XSLT error handling, cross-origin iframe referencing an XSLT document... that results in a use-after-free error and memory safety bugs within the browser engine," explained the cyber agency.

A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially-crafted web request.

CERT-In, which comes under the IT Ministry, advised users to update to the latest Mozilla Firefox versions.

CERT-In also found a vulnerability in open source coding platform Drupal which could allow an attacker to bypass security restrictions on the targeted system.

"Successful exploitation of this vulnerability could allow an attacker to bypass security restrictions (leak valid payment details and accept invalid payment details) on the targeted system," it warned.

Last week, the cyber agency had warned users about multiple vulnerabilities in Google Chrome for desktop that could let threat actors gain access to their computers.

 

  

Top Stories


Leave a Comment

Title: India's cyber agency now warns about bugs in Mozilla Firefox browser



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.