Mozilla has issued updates for Firefox, Firefox for Android, Thunderbird, and Firefox Focus to fix two vulnerabilities being actively exploited in the wild.
Firefox, while not nearly as popular as Chrome, is one of the most important web browsers on the market: an open-source alternative with a focus on privacy. Mozilla says both vulnerabilities are being actively exploited by bad actors, making it critically important to update immediately.
Here’s Mozilla’s description of the two issues:
- CVE-2022-26485: Use-after-free in XSLT parameter processing: “Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.”
- CVE-2022-26486: Use-after-free in WebGPU IPC Framework: “An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.”
Both issues have been addressed in these updates:
- Firefox 97.0.2
- Firefox ESR 91.6.1
- Firefox for Android 97.3
- Focus 97.3
- Thunderbird 91.6.2