type here...
Software
Updated:

Mozilla Firefox 97.0.2 fixes two zero-day vulnerabilities

Sienna Rowley
By Sienna Rowley
1371
0
Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

Lately, Mozilla rolled out Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Firefox Focus 97.3.0 fixing two critical zero-day vulnerabilities exploited in the wild.

Both of the zero-day vulnerabilities have been identified as Use-after-free bugs which the hackers actively exploit to crash the system and concurrently allow execution of commands on the victim device without any permission.

Basically, User After Free or UAF is a memory corruption bug that emerges while an application tries to access the memory after it has been freed.

These bugs are termed as highly critical as the threat actor can exploit them to execute any command and in the worst case install malware to the targeted system.

Mozilla has fixed the following two zero-day vulnerabilities:

  • CVE-2022-26485: Use-after-free in XSLT parameter processing – Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.
  • CVE-2022-26486: Use-after-free in WebGPU IPC Framework – An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.

Regarding the two zero-day vulnerabilities, Mozilla has explained on its security advisory that the Firefox developers acknowledge that the vulnerabilities are being exploited in the wild.

Meanwhile, Mozilla hasn’t provided any statement about how these threat actors are exploiting the vulnerabilities.

Qihoo 360 ATA, a Chinese cybersecurity company was the first one to identify the vulnerabilities and report them to Mozilla.

Last but not the least, as these vulnerabilities are highly vulnerable in nature, we suggest you update your Mozilla browsers as soon as possible.

Users can look for the update by navigating to the Firefox menu > Help > About Firefox. By doing so Firefox will automatically look for any available updates and install them on the next restart.

Alternatively, you can download Mozilla Firefox for Windows, macOS, and Linux from the links mentioned dropped below:

Are you looking for more software news? Stay tuned for the latest software news from top tech industries

Previous article
Flexential plans to expand Denver data center
Next article
Linux Vulnerability ‘Dirty Pipe’ Gives Root Privileges
spot_img
- Advertisement -spot_img
Latest News
LinuxSienna Rowley -

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This

Category

Links

Stay connected

Newsletter Signup

Copyright © 2021 Cloudhostnews | All rights reserved