June 14, 2024

Firefox: Mozilla provides a patch against actively exploited vulnerabilities

Firefox: Mozilla provides a patch against actively exploited vulnerabilities

Mozilla has a new update for Firefox browser chest. The current version 97.0.2 eliminates two serious vulnerabilities and therefore should definitely be installed. Since vulnerabilities also affect the ESR version, ESR users will also receive a new build.

The vulnerabilities are located under the designations CVE-2022-26485 and CVE-2022-26486 Famous. how Naked Security Explain that the first vulnerability is a bug in the handling of XSLT parameters, which can lead to memory not being freed properly and the attacker’s ability to execute arbitrary code on third-party machines. The second vulnerability is a sandbox escape bug. Hackers can use this to circumvent security mechanisms and inject malware through the browser.

The loopholes must already be exploited

Mozilla emphasizes that the vulnerabilities are already being exploited in practice, making it a zero-day exploit. It is therefore advised to download the update as soon as possible. So far, the browser developers have not provided any exact details about the vulnerabilities.

Although Firefox is primarily an open source project, Mozilla has temporarily restricted access to the latest source code changes. This is to prevent more hackers from using the vulnerability and launching attacks before many users have installed the patch.

The patch not only refers to the normal version and ESR variant of Firefox, but also as version 97.3.0 for Android Browser to get rid of them. In most cases, the update should download automatically. Alternatively, the update can be triggered via the corresponding option in the settings or via the Google Play Store.

See also  Nostalgic city builder leaves early access

Download Mozilla Firefox: An Open Source Web Browser
See also:

Browser, Logo, Firefox, Mozilla, Mozilla Firefox, Firefox Browser, Firefox Mobile