Government issues browser Safety Notice: Mozilla Firefox users urged to update without delay

Delhi : Users of Mozilla products have received an urgent warning from the Indian Computer Emergency Response Team (CERT-In) about a number of significant vulnerabilities that might expose their devices to hacker assaults. These flaws, which are collectively known as CERT-In Vulnerability Note CIVN-2023-0348, seriously jeopardise the affected devices' functionality and safety.

CERT-According to the security notice, the vulnerabilities that have been noted are caused by a variety of code errors that might give hackers access to devices, enable them to steal confidential information, or interfere with regular operations.

WebGL2 blitFramebuffer out-of-bound memory access vulnerability: This weakness might let attackers run arbitrary code or crash impacted browsers. Utilization-after-free weaknesses in MessagePort::Readable and Entangled BitStream Queue Entry::Reserve: Attackers may be able to alter memory and perhaps obtain unauthorised access to private data as a result of these vulnerabilities.

The fullscreen transition is being used to clickjacking permission prompts: Because of this loophole, fraudulent websites may be able to fool users into giving them permission to view private data or take activities against their will. Copying items from the Selection API into the X11 primary selection Attackers may be able to obtain private data that has been copied to the clipboard thanks to this vulnerability. Inaccurate parsing of relative URLs beginning in "III": This weakness can let attackers trick users into visiting dangerous websites or get around security protections.