Mozilla fixes two critical Firefox flaws that are being actively exploited


People who use Firefox as one of their browsers should update it now that it’s gained patches for two critical flaws that are being exploited in the wild. 

Mozilla just released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 with the security fixes. The bugs are also fixed in Thunderbird 91.6.2. 
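For administrators checking a fleet against the fixed versions listed above, the following is an added example (not from Mozilla or the original article). The inventory rows and host names are constructed sample data, and the check assumes that builds later than each listed version also carry the fixes.

```python
import re

# Minimum fixed versions, as listed in the article.
FIXED = {
    "firefox": (97, 0, 2),
    "firefox-esr": (91, 6, 1),
    "firefox-android": (97, 3, 0),
    "focus": (97, 3, 0),
    "thunderbird": (91, 6, 2),
}

def parse_version(text):
    """Return ((major, minor, patch), is_esr) from e.g. 'Mozilla Firefox 91.6.0esr'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    nums = tuple(int(g or 0) for g in m.group(1, 2, 3))
    return nums, m.group(4) is not None

def is_patched(product, version_text):
    """True if the reported version is at or above the fixed version for its channel."""
    version, is_esr = parse_version(version_text)
    # An 'esr' suffix moves a Firefox build onto the ESR baseline. An ESR build
    # reported without the suffix is compared to 97.0.2 and flagged for review.
    if product == "firefox" and is_esr:
        product = "firefox-esr"
    return version >= FIXED[product]

def unpatched_hosts(inventory):
    """Return host names whose reported version predates the fix."""
    return [host for host, product, ver in inventory
            if not is_patched(product, ver)]

# Constructed sample inventory: (host, product, reported version string).
SAMPLE_INVENTORY = [
    ("host-a", "firefox", "Mozilla Firefox 97.0.1"),
    ("host-b", "firefox", "Mozilla Firefox 91.6.0esr"),
    ("host-c", "firefox", "Mozilla Firefox 91.6.1esr"),
    ("host-d", "thunderbird", "91.6.2"),
    ("host-e", "firefox", "Mozilla Firefox 96.0.3"),
]

if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update required")
```
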

Both CVE-2022-26485 and CVE-2022-26486 are critical use-after-free memory flaws. CVE-2022-26486 could also lead to an exploitable sandbox escape, according to Mozilla.

“Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw,” Mozilla explains. 

“An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.”

WebGPU is a browser specification for various interfaces that allow a web page to use a system’s GPU for improved graphics. 

Mozilla hasn’t released further details, but credits the bug reports to researchers at Chinese security firm Qihoo 360 ATA, Wang Gang, Liu Jialei, Du Sihang, Huang Yi and Yang Kang.    

While Firefox user numbers are declining, Mozilla performed fairly well in Google Project Zero’s analysis of how quickly software vendors fixed bugs. Mozilla patched nine of the 10 bugs affecting its software within 90 days of the initial report. It also took an average of 46 days to fix bugs, compared to 44 days for Google, 69 days for Apple, and 83 days for Microsoft.

Looking at browsers, Chrome was the fastest: with 40 fixed bugs, it had an average time to patch of 5.3 days. WebKit had 27 bugs and an 11.6-day average time to patch, while Firefox had eight bugs and a 16.6-day average time to fix.
