According to CISA's National Cyber Awareness System, "Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108 for more information and apply the necessary updates."
Avihay Cohen, CTO and Co-Founder at Seraphic Security, shared insights on what the alert means for organizations' cyber risk and how browsers have become a frequent target for threat actors:
“The Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on Mozilla’s security update to address vulnerabilities found in Thunderbird, Firefox ESR and Firefox. The affected systems include Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108, with 15 vulnerabilities ranking a ‘high’ impact.
This recent advisory serves as the latest example of security issues found in major browsers. In October, Google released emergency updates to an exploited zero-day flaw found in the Chrome web browser. CISA has encouraged the review of Mozilla’s security advisories and an update to the targeted vulnerabilities. These vulnerabilities found within two popular browsers emphasize the importance of securing the most-used productivity tool for today’s employees: the browser.
Browsers have increasingly become the main target for threat actors due to the abundant information stored, both for personal and work use. Because so much of our daily work and personal activities live in the browser, it’s the perfect gateway for threat actors to reach an organization’s core. As browsers become more complex with new features and uses, threat actors will heavily target browser bugs and vulnerabilities as we move into 2023 to breach organizations and access sensitive data. With the growing complexity of additional features within the browser, organizations must implement an equally complex browser security strategy. Organizations need to block and prevent potential exploits before they occur, thus eliminating the risk of private and personal data being exposed.”