Mozilla fixes two actively exploited vulnerabilities in Firefox with patch


Mozilla has fixed two vulnerabilities in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3, Focus 97.3 and Thunderbird 91.6.2. Mozilla is aware that these vulnerabilities have been actively exploited and rates them “critical.”

Mozilla released the patch for the various Firefox browsers on Saturday, and it has been available for download ever since. Both zero-days are use-after-free vulnerabilities: one in XSLT parameter processing, the other in the WebGPU IPC framework. A use-after-free vulnerability causes a program to attempt to use memory that has already been freed. If an attacker exploits such a vulnerability, the program crashes and code can be executed on the device without permission, Bleeping Computer explains.

The two vulnerabilities are serious, Mozilla writes. According to the company, both have been exploited ‘in the wild’. They have been assigned the identifiers CVE-2022-26485 and CVE-2022-26486. Mozilla attributes their discovery to researchers at the Chinese security company Qihoo 360 ATA. Neither Mozilla nor Qihoo 360 ATA provided more details about how the vulnerabilities were exploited. It is not often that a zero-day is found in Mozilla code.
