Multiple Vulnerabilities in Mozilla Firefox For iOS Users


CERT-In released a notification for iOS users regarding Mozilla Firefox vulnerabilities.

Software affected:

  • Mozilla Firefox iOS versions prior to 124

Several vulnerabilities have surfaced in Mozilla Firefox, presenting avenues for remote attackers to execute arbitrary code or circumvent security restrictions on affected systems.

These vulnerabilities stem from Firefox's handling of JavaScript URLs when dragged into the address bar and its failure to update the secure icon to reflect mixed content security status promptly after insecure elements are introduced to a page. Exploitation of these flaws requires tricking a victim into accessing specially crafted web requests.

If successfully exploited, these vulnerabilities could empower remote attackers to execute arbitrary code or bypass security restrictions on the targeted system.

Solutions:

Apply appropriate fixes issued by the vendor: https://www.mozilla.org/en-US/security/advisories/mfsa2024-17/

CVE-2024-31392 CVE-2024-31393
