The vulnerabilities are tracked as CVE-2022-26485 and CVE-2022-26486. As Naked Security explains, the first vulnerability is a bug in the handling of XSLT parameters, which can lead to memory not being freed properly and give an attacker the ability to execute arbitrary code on third-party machines. The second vulnerability is a sandbox escape bug. Hackers can use this to circumvent security mechanisms and inject malware through the browser.
The vulnerabilities are said to be exploited already
Mozilla emphasizes that the vulnerabilities are already being exploited in practice, which makes them zero-day vulnerabilities. It is therefore advised to download the update as soon as possible. So far, the browser developers have not provided any exact details about the vulnerabilities.
Although Firefox is primarily an open source project, Mozilla has temporarily restricted access to the latest source code changes. This is to prevent more hackers from using the vulnerabilities and launching attacks before many users have installed the patch.
The patch covers not only the regular version and the ESR variant of Firefox; the vulnerabilities are also fixed in version 97.3.0 of the browser for Android. In most cases, the update should download automatically. Alternatively, the update can be triggered via the corresponding option in the settings or via the Google Play Store.