CERT warns of vulnerabilities in Chrome, Firefox
17 Feb 2014
Following detection of multiple vulnerabilities in popular web browsers Google Chrome and Mozilla Firefox, cyber security sleuths have advised internet users in the Indian cyberspace to guard against arbitrary activities on their systems.
In the backdrop of suspicious virus-based activities, internet users have been asked to upgrade their personal versions of these two most used web browsers on their work stations.
''Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird and SeaMonkey which could be exploited by a remote attacker to bypass certain security restrictions, disclose potentially sensitive information, gain escalated privileges, execute arbitrary code and causes denial of service condition on the affected system,'' the Computer Emergency Response Team of India (CERT-IN) said in its latest advisory to online users in the country.
According to CERT-In multiple vulnerabilities had been reported in Mozilla Firefox, Thunderbird and SeaMonkey which could be exploited by a remote attackers to bypass certain security restrictions, disclose potentially sensitive information, gain escalated privileges, execute arbitrary code and cause denial of service condition on the affected system.
CERT-In is the nodal agency to combat hacking, phishing and for the fortification of security-related defences.
According to commentators, a user-assisted remote attacker could exploit the vulnerabilities using a crafted website or webpage. The vulnerability could be successfully exploited to allow a user-assisted remote attacker to cause a denial of service condition.
Multiple vulnerabilities had been reported in Google Chrome which could be exploited by a remote attacker to cause denial of service condition or execute arbitrary code on the target system, CERT said.
It added that the maximum damage from vulnerabilities could lead to memory corruption, unwanted downloading of files, loss of sensitive information (when Mozilla Firefox is used in Android phones) and cause denial of various services on the internet to the user.