The DGSS warns of critical vulnerabilities in Firefox


The Directorate General for Information Systems Security (DGSS), under the National Defense Administration, is alerting users, both individuals and organizations, to the existence of critical vulnerabilities affecting old versions of the Mozilla Firefox browser.

These security flaws, rated as severe, allow remote attackers to take control of vulnerable systems by executing arbitrary code, compromising the integrity, confidentiality and availability of data, in particular sensitive authentication information such as passwords.

In a security notice rated highly critical, the DGSS strongly recommends that Firefox users consult the security bulletin published by Mozilla and install the latest available updates.

The affected versions are: standard editions of Firefox prior to version 138, Extended Support Release (ESR) editions prior to version 115.23, and those preceding version 128.10 in the branches concerned.

Mozilla has published a security fix addressing several flaws that cybercriminals can use to: execute malicious code remotely, access confidential data, and escalate privileges in order to obtain total control over the targeted system.


The identified risks include, in particular: the injection and execution of malicious code without user interaction, the exfiltration of sensitive data (credentials, personal information, critical files), and privilege escalation allowing the attacker to completely compromise the system environment.

Approached by Hespress, Hassan Kherjouj, an expert in secure development and cybersecurity, specifies that “these vulnerabilities still affect many administrations and public organizations which continue to use obsolete versions of the browser”. He emphasizes that “the flaws allow the injection of scripts exploitable in distributed denial-of-service (DDoS) attacks or the fraudulent remote use of the compromised machines”.

For Kherjouj, responsiveness is crucial: it is imperative that users apply updates, and institutions are particularly concerned, given the highly sensitive nature of the data they handle.

For his part, Taieb Hezzaz, a cybersecurity expert, adds that “this vulnerability allows a malicious actor to deploy malicious payloads on compromised workstations, facilitating the stealthy exfiltration of confidential data”.

He also indicates that “similar flaws have been detected in certain versions of Google Chrome. Users are therefore invited to check the automatic update settings for their browsers or, if necessary, to manually install the latest secure versions”.
