Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to address a couple of critical zero-day vulnerabilities, tracked as CVE-2022-26485 and CVE-2022-26485, actively exploited in attacks.
The two vulnerabilities are “Use-after-free” issues in XSLT parameter processing and in the WebGPU IPC Framework respectively.
Successful exploitation of the flaws can cause a program crash or execute arbitrary commands on the machine.
Below is the description of both flaws included in the advisory published by Mozilla:
“We have had reports of attacks in the wild abusing this flaw.” reads the advisory for both issues.
Mozilla hasn’t shared details about the attacks.
These vulnerabilities were reported by security researchers from the Chinese cybersecurity firm Qihoo 360 ATA.
Users are commended to install security updates immediately.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Mozilla)
[adrotate banner=”5″]
[adrotate banner=”13″]
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
This website uses cookies.