India Flags High-Risk Security Flaws in Mozilla Firefox and Thunderbird, Users Urged to Update Immediately

Mozilla Firefox and Thunderbird users in India have been advised to act quickly after the Indian government issued a critical cybersecurity warning about serious vulnerabilities affecting both platforms. The alert, released through the Indian Computer Emergency Response Team (CERT-In), highlights multiple high-severity flaws that could expose millions of users to potential data theft and cyberattacks.

Over the past few weeks, the government has released several advisories concerning security risks across Android, Apple, and Chrome ecosystems. Now, Mozilla’s popular browser and email client have come under scrutiny, raising fresh concerns among users who rely on these tools for daily browsing and communication.

According to the January 2026 security bulletin, the vulnerabilities could be exploited remotely if a user unknowingly interacts with a malicious link or specially crafted web content. Attackers may use these weaknesses to access sensitive information, compromise privacy, or even take control of affected systems.

CERT-In explained the seriousness of the issue in its advisory, stating: “Multiple vulnerabilities exist in Mozilla products due to Mitigation bypass in the Privacy: Anti-Tracking component; Use-after free in the Layout: Scrolling and Overflow component; CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request."

The warning applies to several versions of Mozilla’s products. Systems running Mozilla Firefox versions prior to 147.0.2, Mozilla Thunderbird versions prior to 140.7.1, and Mozilla Thunderbird versions prior to 147.0.1 are considered vulnerable.

Security experts say these flaws could allow cybercriminals to bypass privacy protections, extract confidential data from emails, or trigger memory-related issues that may lead to crashes or exploitation. For everyday users, this means that simply clicking an unknown link or opening suspicious content could potentially expose their device to risk.

Mozilla has already responded by releasing patches to address the vulnerabilities. Both the company and CERT-In strongly recommend updating to the latest versions immediately to ensure protection. Delaying updates could leave systems open to attack.

Apart from updating, users are encouraged to follow basic cybersecurity practices. These include avoiding downloads from unofficial sources, refraining from clicking unknown links, and being cautious when opening emails from unfamiliar senders.

With cyber threats growing more sophisticated each year, timely software updates remain one of the simplest yet most effective defenses. For Firefox and Thunderbird users, installing the latest patch could make the difference between staying secure and falling victim to a preventable breach.

In short, if you use Mozilla’s browser or mail client, now is the time to update — not later.