Mozilla Firefox and Thunderbird users are facing critical vulnerabilities that could result in arbitrary code execution and system instability. The Indian Computer Emergency Response Team (CERT-In) has issued an advisory urging immediate software updates to mitigate these risks.
Affected: Mozilla Firefox, Mozilla Thunderbird
Key points:
- High-severity vulnerabilities found in Mozilla Firefox and Thunderbird.
- Advisory issued by CERT-In on January 20, 2025.
- Vulnerabilities affect both desktop and mobile versions of the software.
- Potential consequences include arbitrary code execution, system instability, and privilege escalation.
- Specific affected versions include Firefox and Thunderbird versions prior to 134.
- Mozilla has released patches for the vulnerabilities.
- Users are urged to update their software immediately to mitigate risks.
- Exploitation of these vulnerabilities could lead to unauthorized access and significant system disruptions.
- Vulnerabilities stem from weaknesses in core components such as the WebChannel API and from memory safety bugs.
- Mozilla’s response includes security patches for affected versions.
MITRE Techniques:
- TA0001 – Initial Access: Exploitation of vulnerabilities to gain unauthorized access to systems.
- TA0002 – Execution: Arbitrary code execution due to memory safety bugs.
- TA0003 – Persistence: Privilege escalation through the WebChannel API vulnerability.
- TA0004 – Credential Access: Phishing risks due to address bar spoofing in Firefox for Android.
- TA0005 – Impact: System instability and crashes resulting from memory corruption.
Full Story: https://thecyberexpress.com/cert-in-reports-mozilla-vulnerabilities/