The Indian Computer Emergency Response Team (CERT-In) issued “A critical warning to Mozilla users about a series of vulnerabilities that could leave their devices exposed to hacking attacks. Users are advised to immediately update all Mozilla products.”
The CERT-In’s security cited, “the highlighted vulnerabilities stem from various coding flaws that could allow attackers to take control of devices, steal sensitive data, or disrupt normal operations.”
The vulnerabilities that they have identified include:
- Out-of-bound memory access in WebGL2 blitFramebuffer: “This flaw could allow attackers to crash affected browsers or execute arbitrary code.”
- Use-after-free vulnerabilities in MessagePort: Entangled and ReadableByteStreamQueueEntry: “These vulnerabilities could enable attackers to manipulate memory and potentially gain unauthorized access to sensitive information.”
- Clickjacking permission prompts using the fullscreen transition: “This issue could allow attackers to trick users into granting permission for malicious websites to access sensitive information or perform actions without their consent.”
- Selection API copying contents into X11 primary selection: “This vulnerability could allow attackers to steal sensitive information copied to the clipboard.
- Incorrect parsing of relative URLs starting with “III”: “This flaw could allow attackers to redirect users to malicious websites or bypass security measures.”
- Clickjacking to load insecure pages in HTTPQ-only mode: “This issue could allow attackers to bypass HTTPS security and load malicious content on websites.”
- Memory safety bugs: “These bugs could allow attackers to crash affected browsers or execute arbitrary code.”
- Privilege escalation through.
- HTML injection in %READER-BYLINE% of Reader Mode: “This issue could cause attackers to inject malicious code into the browser’s ReaderMode, potentially compromising user security.”