Government has a ‘high severity’ warning for Mozilla Firefox users: Details

CERT-In’s advisory states that this vulnerability exists in Mozilla Firefox due to use-after-free error in libaudio when used on Android API below version 30. “A remote attacker can exploit this vulnerability by persuading a victim to visit a specially crafted website,” it further states.

Successful exploitation of this vulnerability could allow a remote attacker to perform arbitrary code execution on the targeted system, it adds.

Are all Mozilla Firefox users impacted by the vulnerability?

In its advisory, CERT-In says that Mozilla Firefox versions prior to 110.1.0 are at risk. It also states that the vulnerability exists on the Android version of the browser. Other versions of Firefox are unaffected.

What should the impacted users do?

Mozilla says that it has fixed the above mentioned vulnerability with the version 110.1.0. “A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. This bug only affects Firefox for Android. Other versions of Firefox are unaffected,” it says.

The CERT-In advises the affected users to upgrade to Mozilla Firefox version 110.1.0 to stay safe.

In a related news, Mozilla Firefox has received three new extensions for its Android web browser. This will offer users an improved web surfing experience and simplify certain tasks. The extensions received by Mozilla Firefox include hiding the user email address while signing up to the website, removing tracking elements before sharing a URL and listening to an article. Using the ‘Firefox Relay’, users can hide their real email addresses. It will help them to protect their identity and comes across as a better safety feature. This would not let online entities collect your email address and use them for marketing or other prudent purposes.