PSA: Update Mozilla Firefox, Thunderbird, and Focus Immediately

Mozilla has issued updates for Firefox, Firefox for Android, Thunderbird, and Firefox Focus to fix two vulnerabilities being actively exploited in the wild....
PSA: Update Mozilla Firefox, Thunderbird, and Focus Immediately
Written by Matt Milano

Mozilla has issued updates for Firefox, Firefox for Android, Thunderbird, and Firefox Focus to fix two vulnerabilities being actively exploited in the wild.

Firefox, while not nearly as popular as Chrome, is one of the most important web browsers on the market, an open source alternative with a focus on privacy. Mozilla says both vulnerabilities are being actively exploited by bad actors, making it critically important to update immediately.

Here’s Mozilla’s description of the two issues:

CVE-2022-26485: Use-after-free in XSLT parameter processing: “Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.”

CVE-2022-26486: Use-after-free in WebGPU IPC Framework: “An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.”

Both issues have been addressed in these updates:

  • Firefox 97.0.2
  • Firefox ESR 91.6.1
  • Firefox for Android 97.3
  • Focus 97.3
  • Thunderbird 91.6.2

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us