
August 02, 2022 12:57 IST

CERT-In issued alerts on Monday outlining multiple high-severity vulnerabilities in Mozilla Firefox and Oracle products. According to the alerts, remote attackers can use the vulnerabilities to bypass security restrictions and execute arbitrary code on affected systems.

The vulnerabilities reported in Mozilla Firefox can allow a remote attacker to bypass security restrictions, access sensitive information, perform spoofing attacks, execute arbitrary code and cause a denial of service on target systems.

These vulnerabilities exist due to memory safety bugs within the browser that can be triggered while opening local .lnk files, and a preload cache that bypasses subresource integrity. This can leak information about cross-site resources while redirecting when using the Performance API.

The vulnerabilities can also cause the user interface to hang while visiting a website with a long URL, and involve mouse position spoofing with CSS transforms, directory indexes for bundled resources, and reflected URL parameters.

The threat alert also points out that successful exploitation of these vulnerabilities can allow attackers to open specially crafted web requests and bypass security restrictions, thus gaining access to sensitive information to perform spoofing attacks on targeted systems.

The vulnerabilities can be fixed by updating to Mozilla Firefox version 103, or Mozilla Firefox ESR versions 102.1 and 91.12.

In Oracle

Vulnerabilities have been reported in multiple Oracle products, which attackers can exploit to execute arbitrary code, bypass security restrictions and gain unauthorised access to resources on targeted systems.

The vulnerabilities have been reported in various components of Oracle products and some of them can be exploited over a network without requiring user credentials.

According to the report from CERT-In, these vulnerabilities can be used by an attacker to execute arbitrary code, bypass security restrictions and gain unauthorized access to restricted resources on the targeted system.

The report recommends applying appropriate security updates mentioned in Oracle’s critical security patch update for July 2022 to fix the vulnerabilities.