Subscribe Now! Get features like

Mumbai Two serious vulnerabilities in Mozilla products have come to light which can grant hackers access to your device’s camera and microphone if exploited successfully. Both vulnerabilities have been officially acknowledged by Mozilla as well as the Indian Computer Emergency Response Team (CERT-In), the country’s apex agency for cybersecurity.

On Monday, CERT-In issued a warning for seven vulnerabilities, including these two, that exist in various Mozilla FireFox, Mozilla ESR and Mozilla Thunderbird. While Firefox is a regular browser, Firefox Extended Support Release (ESR) is developed for large organisations like universities and businesses and Thunderbird is an application that helps individuals and organisations manage their email.

“Multiple vulnerabilities have been reported in Mozilla products which could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system,” CERT-In’s advisory states. CERT-In has classified all the seven vulnerabilities as ‘high’ in severity.

Execution of arbitrary code means that a hacker, once inside the system, can run any command that they want to, effectively granting them control over the entire system. Denial of service is a common form of cyberattack where attackers cause losses to organisations by disrupting the service that is provided to the consumers.

The most serious one exists in Mozilla ESR and can grant access to all the permissions that have been granted to the browser, including camera and microphone. The second one affects the Android version of Firefox and can enable recording of audio on the target computer without the user getting a notification about it.

All the seven vulnerabilities have been officially acknowledged by Mozilla in an update on their website. Mozilla, too, has rated them as ‘High’ in severity. According to Mozilla’s own criteria, a ‘High’ severity means that Vulnerability can be used to gather sensitive data from sites in other windows, or inject data or code into those sites, requiring no more than normal browsing actions.

All of them have been assigned individual Common Vulnerabilities and Exploits (CVE) numbers, which are a formal acknowledgement in the cybersecurity law enforcement community. The CERT-In is one of the agencies in the world that is recognised as a CVE assigning authority.

Mozilla has released patches for all the seven vulnerabilities and CERT-In has urged users to immediately download the latest updates to install these patches. Prompt updating is especially important in light of a latest research report, which showed that hackers start looking for and exploiting devices with unpatched vulnerabilities as soon as the vulnerabilities are officially announced in the public domain.

Goa police to interrogate alleged serial killer arrested in Madhya Pradesh

The 19-year-old alleged serial killer, Shivprasad Dhurve, who was arrested in Madhya Pradesh's Sagar for murdering four watchmen and injuring another, will be interrogated by the Goa police as the pattern of the murders matched with some incidents in the coastal state, said an investigating officer. Dhurve told police that he wanted to get popular to earn money. “He saw some videos to get popular and earn money by terrorising people,” said the SP.

AAP on expansion drive in Karnataka, sets sights on making a mark in BBMP polls

On the electoral front, the party's immediate aim is to do well in the polls to the city's civic body Bruhat Bengaluru Mahanagara Palike (BBMP) expected later this year, says its state unit Vice President Bhaskar Rao. AAP has targeted to enroll 10,000 members in each of the city's 243 wards, hRao, a former Bengaluru Police Commissionertold PTI. "We see a huge growth potential in Karnataka".

Your space: Punekars celebrate Ganeshotsav grandly, with Covid safety

Readers share their experience of celebrating Ganeshotsav after two years without Covid restrictions. Sangeetha Baheti Just another way of coning tax paying citizens Ganeshotsav is a perfect example of how politicians exploit the sentiments of tax paying citizens for their benefit. Maithily Manekwad A positive outlook This year, Ganeshotsav is full of positive energy. We should all celebrate the festival with safety precautions and maintain a covid appropriate behaviour.

Duo steals a Ganesha idol in Bengaluru, but fate had something else in store

Two men who were on a mission to steal a Ganesh idol in Bengaluru's Chamarajpet met with an accident, but still managed to cause some damage to the deity before fleeing the spot. The incident reportedly happened on Wednesday when the city was celebrating Ganesh Chaturthi festivities. The duo had left the damaged idol on the road and fled the spot after crashing on the road.

Indore to soon start working 24X7 to facilitate IT, BPO sectors and start-ups

The Indore district administration in Madhya Pradesh is all set to open round-the-clock working activities in areas around the Bus Rapid Transit System corridors to attract investment especially in the Information Technology sector, an official said. Local administration held a meeting with police officials, business establishments and elected representatives on Saturday in Indore to discuss the roadmap for opening of such activities in certain areas of the state's biggest city.

Personalise your news feed. Follow trending topics