• Source: JND

The Indian Computer Emergency Response Team (CERT-In) has released a high-severity advisory for Mozilla Firefox, noting several security flaws that could endanger personal and organisational information. Issued under the authority of the Ministry of Electronics and Information Technology (MeitY), the warning applies to both the standard and Extended Support Release (ESR) editions of the browser.

What’s Affected?

CERT-In's advisory (CIVN-2025-0138) lists several Firefox builds as vulnerable:

  • Mozilla Firefox: Versions prior to 140
  • Firefox ESR: Versions prior to 115.25 and prior to 128.12

Who is at Risk?

  • Individual users browsing on unpatched systems.
  • Enterprise users and large organisations face particular risks, as one exploit could expose large volumes of sensitive data.

Nature of the Vulnerabilities

CERT-In attributes the flaws to:

  • Memory corruption.
  • Improper handling of web requests.

An attacker could exploit these vulnerabilities by luring a victim into visiting a malicious website, and could then:

  • Execute arbitrary code
  • Bypass existing security features
  • Escalate privileges
  • Access sensitive system data

How to Stay Protected

To close the security gap, users should:

  • Update immediately to the latest versions of Firefox and Firefox ESR.
  • Review Mozilla’s security portal for detailed patch notes and technical details.
  • Avoid clicking on unfamiliar links until the browser is fully patched.
  • In enterprises, system administrators should push the updates to every endpoint promptly.
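For administrators checking a fleet, the following added example (not part of the CERT-In advisory or any Mozilla tooling) classifies collected version strings against the thresholds listed above. It assumes each string looks like the output of `firefox --version`, for example "Mozilla Firefox 128.11.0esr"; the hostnames and inventory are constructed sample data.

```python
import re

# Fixed-version thresholds taken from the advisory text above.
RELEASE_FIXED = (140, 0)
ESR_FIXED = {115: (115, 25), 128: (128, 12)}  # ESR branch -> first fixed version

# Assumed format: "... <major>.<minor>[.<patch>][esr]" at the end of the string.
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.\d+)*(esr)?\s*$", re.IGNORECASE)


def classify(version_output):
    """Return 'vulnerable', 'patched' or 'review' for one version string."""
    m = VERSION_RE.search(version_output.strip())
    if not m:
        return "review"  # unparseable: check by hand, never assume patched
    major, minor, is_esr = int(m.group(1)), int(m.group(2)), bool(m.group(3))
    if not is_esr:
        return "vulnerable" if (major, minor) < RELEASE_FIXED else "patched"
    if major in ESR_FIXED:
        return "vulnerable" if (major, minor) < ESR_FIXED[major] else "patched"
    # ESR branch not named in the advisory: anything older than a listed
    # branch predates the fixes; anything newer is outside what it covers.
    return "vulnerable" if major < max(ESR_FIXED) else "review"


def needs_action(inventory):
    """Return sorted (host, status) pairs for every host that is not patched."""
    results = ((host, classify(out)) for host, out in inventory.items())
    return sorted(r for r in results if r[1] != "patched")


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 139.0.4",
    "ws-02": "Mozilla Firefox 140.0",
    "ws-03": "Mozilla Firefox 128.11.0esr",
    "ws-04": "Mozilla Firefox 115.25.0esr",
    "ws-05": "firefox: command not found",
}

if __name__ == "__main__":
    for host, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```
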

Bottom Line: Running an outdated Firefox leaves your system exposed. These bugs can enable attackers to seize full control if patches are delayed. CERT-In's warning serves as a timely reminder that keeping software up to date is one of the most effective ways to defend personal and organisational security.
