CERT-In issues alerts for multiple high severity vulnerabilities in Mozilla products and Drupal

Users are advised to update their software in order to fix the vulnerabilities

Updated - August 30, 2022 04:50 pm IST

CERT-In issues alerts for multiple high severity vulnerabilities in Mozilla products and Drupal

CERT-In issues alerts for multiple high severity vulnerabilities in Mozilla products and Drupal | Photo Credit: AP

CERT-In on Monday issued alerts for vulnerabilities in Mozilla products and Drupal which could allow remote attackers to bypass restrictions.

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

CERT-In (Computer Emergency Response Team) regularly releases threat alerts for vulnerabilities present in software that could be utilised by attackers to compromise the security of affected systems. 

In Mozilla products

 High severity vulnerabilities in Mozilla products could allow remote attackers to bypass security restrictions, execute arbitrary code and cause denial of service. 

The vulnerability in Mozilla products exists due to the abuse of its XSLT error handling, cross-origin iframe referencing an XSLT document, data race in the PK11_ChangePW function that results in a use-after-free error and memory safety bugs within the browser engine. 

Attackers can exploit these vulnerabilities by convincing a victim to open a specially crafted web request. 

When exploited successfully, the vulnerabilities could allow remote attackers to bypass security restrictions, execute arbitrary code and cause denial of services on the targeted systems. 

Updating Mozilla software has been suggested to fix the vulnerabilities. 

In Commerce Elavon module of Drupal

Vulnerabilities with medium severity have been detected in the Commerce Elavon module of Drupal.

Drupal is an open source software that is predominantly used to create and manage websites. A vulnerability of medium severity in its Commerce Elavon module exists due to insufficient verification by the module, that it is communicating with the correct server when using the Elavon (On-site) payment gateway. 

The vulnerability can be exploited by an attacker by sending a specially crafted malicious request to the targeted system. 

Successful exploitation of the vulnerability could allow attackers to bypass security restrictions. Attackers can also leak valid payment details and accept invalid payment details by exploiting this vulnerability. 

Implementation of updates made available by the Drupal Security Advisory has been suggested to fix the vulnerability. 

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.