Mozilla has released four new updates in an attempt to patch two critical Firefox vulnerabilities that are allegedly being exploited in the wild.
Firefox 97.0.2., Firefox ESR 91.6.1., Firefox for Android 97.3.0., and Focus 97.3.0, have been launched addressing two serious zero-day flaws.
The zero-days in question are described as “Use-after-free”, bugs which, when abused, crash the browser while giving the attacker the ability to run any commands without permission. That means a threat actor could potentially abuse the flaw to run malware, ransomware, or any other malicious code on the target endpoint.
Malicious redirects
With these patches, Mozilla addressed CVE-2022-26485, and CVE-2022-26486, without going into detail on how exactly they’re being abused in the wild, aside from saying their use has been reported on.
Whatever the case may be, users are advised to patch up immediately, to prevent falling victim. They can do that by going to Firefox menu > Help > About Firefox, where the browser will automatically look for new updates and install them.
The updates are also available for download on these links:
Being the actual window to the internet, browsers are often in the crosshairs for hackers. Mozilla was forced to block access to two popular add-ons which had around a million users in late 2021 following reports they had been compromised.
Bypass and Bypass XM, two add-ons that were allegedly using reverse-proxies to allow users to access paywalled content, were said to be misusing the proxy API, thus interfering with the browser’s update functionality.
As users were prevented from downloading updates for the browser, as well as from accessing updated blocklists, the add-ons placed them in harm’s way.
- Stay safe with the best antivirus software right now
Via: BleepingComputer
