“Multiple vulnerabilities have been reported in Mozilla Firefox which could allow a remote attacker to escalate privileges, bypass security restrictions, access sensitive information, perform spoofing attack, timing-based side channel attack or execute arbitrary code on the targeted system,” said CERT-In.
Describing the vulnerabilities, CERT-In said, these security flaws exist in Mozilla Firefox due to a downgrade attack on the Mozilla Maintenance Service. As per the advisory, other issue include, “improper handling of prompts, improper usage of ECDSA signatures, side channel error in P-384 and P-521, improper resetting of the address bar after the before unload dialog was shown among others.”
A remote attacker could exploit these vulnerabilities by hosting a specially crafted webpage and then convince the user to visit the webpage using the affected product.
Meanwhile, CERT-In recently issued an advisory warning users about a new Android malware strain, called "BlackRock". This malware comes with data stealing capabilities, and is attacking a wide range of Android apps.
The BlackRock malware can ..
Support the originator by clicking the read the rest link below.