CERT-In has revealed through a couple of advisories that Mozilla Firefox and Google Chrome are plagued with vulnerabilities and that users should update to the latest versions of their respective browsers to avoid from being infected by a malware.
The affected software systems include Firefox versions prior to 27.0, Firefox extended support release (ESR) versions prior to 24.3, Thunderbird versions prior to 24.3, SeaMonkey versions prior to 2.24 and Google Chrome prior to version 32.0.1700.102.
CERT-IN (Computer Emergency Response Team of India), said the vulnerability is caused “due to improper restrict access to ‘about:home’ buttons by script on other pages in Mozilla Firefox”.
“A user-assisted remote attacker could exploit this vulnerability using a crafted website or webpage. Successful exploitation of this vulnerability could allow user-assisted remote attacker to cause a denial of service condition.”
“The two web browsers are an important tool for Internet surfing among Indian online consumers. The anomalies have been detected recently and it would be advised that users upgrade their existing versions sooner than later. These activities are mischiefs on part of hackers or they are harmful viruses,” said a cyber security expert.
According to the Cert-IN advisory, the maximum damage these vulnerabilities can cause is let hackers bypass certain security restrictions, gain escalated privileges, execute arbitrary code, memory corruption, unwanted downloading of files, cause of denial of various services on the Internet to the users, disclose potentially sensitive information (when Mozilla Firefox is used in Android phones).
Users are advised to keep a check on their systems and are suggested to either use proper security patches or upgrade the personal versions of their browsers on their respective workstation, in view of these malicious virus-based activities.