CERT-In Warns of High-Severity Vulnerabilities in Mozilla Firefox and Thunderbird

The Indian Computer Emergency Response Team (CERT-In) issued a vulnerability note highlighting severe vulnerabilities in Mozilla products, particularly Firefox and Thunderbird. These vulnerabilities could allow remote attackers to conduct spoofing attacks, access sensitive data, execute arbitrary code, or cause denial of service. All users are urged to update their software promptly.

Affected: Mozilla Firefox, Mozilla Thunderbird

Key points:

  • High severity vulnerabilities discovered in Mozilla products.
  • Affected versions include Firefox (prior to 135), Thunderbird (prior to 135), and their respective ESR versions.
  • Flaws consist of use-after-free errors, memory safety bugs, and improper certificate validation.
  • Exploitation could lead to unauthorized access, system crashes, and data breaches.
  • Mozilla has issued security fixes to address these vulnerabilities across its software.
  • Users are encouraged to update their software immediately to mitigate risks.

MITRE Techniques:

  • Exploit Public-Facing Application (T1190): Attackers can exploit the vulnerabilities through specially crafted web requests.
  • Remote Code Execution (T1203): Memory safety bugs could allow attackers to execute arbitrary code on affected systems.
  • Denial of Service (T1499): Attacks could result in system crashes and denial of service conditions.
  • Email Spoofing (T1564): Email sender spoofing can mislead users regarding the authenticity of incoming emails.

Indicators of Compromise:

  • [CVE-ID] CVE-2025-1009
  • [CVE-ID] CVE-2025-1010
  • [CVE-ID] CVE-2025-1011
  • [CVE-ID] CVE-2025-1013
  • [CVE-ID] CVE-2025-0510

Full Story: https://thecyberexpress.com/critical-vulnerabilities-in-mozilla-products/