Mozilla recently released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Firefox Focus 97.3.0 to fix two critical zero-day vulnerabilities exploited in the wild.
Both zero-day vulnerabilities have been identified as use-after-free bugs, which attackers are actively exploiting to crash the system and, at the same time, execute commands on the victim's device without permission.
Use-after-free (UAF) is a memory corruption bug that occurs when an application tries to access memory after it has been freed.
These bugs are rated highly critical because a threat actor can exploit them to execute any command and, in the worst case, install malware on the targeted system.
Mozilla has fixed the following two zero-day vulnerabilities:
- CVE-2022-26485: Use-after-free in XSLT parameter processing – Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.
- CVE-2022-26486: Use-after-free in WebGPU IPC Framework – An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
In its security advisory, Mozilla acknowledges that both vulnerabilities are being exploited in the wild.
Mozilla has not said how threat actors are exploiting the vulnerabilities.
Qihoo 360 ATA, a Chinese cybersecurity company, was the first to identify the vulnerabilities and report them to Mozilla.
Because these vulnerabilities are highly critical, we suggest you update your Mozilla browsers as soon as possible.
Users can check for the update by navigating to the Firefox menu > Help > About Firefox. Firefox will then automatically look for any available updates and install them on the next restart.
Alternatively, you can download Mozilla Firefox for Windows, macOS, and Linux from the links below:
- Firefox 97.0.2 for Windows 64-bit
- Firefox 97.0.2 for Windows 32-bit
- Firefox 97.0.2 for macOS
- Firefox 97.0.2 for Linux 64-bit
- Firefox 97.0.2 for Linux 32-bit
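For administrators who need to check many desktop installs against the fixed versions named above, the following added example (not from Mozilla or the original article) classifies collected `firefox --version` strings per channel. The output format, the function names and the host names are assumptions; Firefox for Android and Firefox Focus are not covered.

```python
import re

# Fixed versions per channel, as listed in the article.
FIXED = {"release": (97, 0, 2), "esr": (91, 6, 1)}

# Assumed `firefox --version` format: "Mozilla Firefox 97.0.2" / "Mozilla Firefox 91.6.1esr".
VERSION_RE = re.compile(r"Mozilla Firefox (\d+(?:\.\d+){0,2})(esr)?\s*$")


def parse_version(line):
    """Return (channel, (major, minor, patch)) or None if the line is not recognised."""
    match = VERSION_RE.search(line.strip())
    if match is None:
        return None  # e.g. beta builds such as "98.0b9" are not classified here
    parts = tuple(int(p) for p in match.group(1).split("."))
    parts += (0,) * (3 - len(parts))  # "97.0" -> (97, 0, 0)
    return ("esr" if match.group(2) else "release"), parts


def assess(line):
    """Classify one version string as 'patched', 'needs-update' or 'unknown'."""
    parsed = parse_version(line)
    if parsed is None:
        return "unknown"
    channel, version = parsed
    # ESR and release are compared against different thresholds: 91.6.1esr is
    # patched even though 91 < 97, while release 96.x is not.
    return "patched" if version >= FIXED[channel] else "needs-update"


def audit(inventory):
    """Map host name -> status for a {host: version string} inventory."""
    return {host: assess(line) for host, line in inventory.items()}


# Constructed sample inventory (hypothetical host names, not real data).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 97.0.2",
    "ws-02": "Mozilla Firefox 97.0.1",
    "ws-03": "Mozilla Firefox 91.6.1esr",
    "ws-04": "Mozilla Firefox 91.6.0esr",
    "ws-05": "Mozilla Firefox 98.0b9",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked by hand rather than assumed safe.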