Mozilla has released out-of-band security updates to fix two zero-day flaws in its Firefox web browser that are being actively exploited by malicious actors.
Tracked as CVE-2022-26485 and CVE-2022-26486, the two vulnerabilities are described as use-after-free issues. One occurs when processing an XSLT parameter, and the other is related to the processing of messages in the WebGPU IPC framework. Both bugs allow a remote attacker to execute arbitrary code on the vulnerable system.
The vulnerabilities impact Firefox, Firefox ESR, Firefox for Android, Focus, and Thunderbird.
Mozilla acknowledged that it is aware of “reports of attacks in the wild abusing this flaw,” but did not share any additional information about the attacks exploiting the above-mentioned issues.