Mozilla has released four new updates in an effort to patch two critical Firefox vulnerabilities that are believed to be exploited in the wild.
Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0 and Focus 97.3.0 were released to fix two serious zero-day bugs.
The zero-days in question are described as “use-after-free” bugs that, when abused, crash the browser and give the attacker the ability to execute any command without permission. This means that a malicious actor could abuse the flaws to run malware, ransomware, or other malicious code on the target device.
With these patches, Mozilla has addressed CVE-2022-26485 and CVE-2022-26486, without going into detail about how they are abused in the wild, other than to say that their use has been reported.
In any case, users are advised to update immediately to avoid being victimized. They can do this by going to Firefox Menu > Help > About Firefox, where the browser will automatically check for new updates and install them.
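For administrators who need to check many machines rather than one browser, the following added example (not from Mozilla or the original article) flags desktop installs older than the fixed releases named above. It assumes the inventory holds the line printed by `firefox --version`, with ESR builds carrying an `esr` suffix; the hostnames and sample data are constructed.

```python
import re

# Fixed desktop releases named in the article, as (major, minor, patch).
FIXED = {"release": (97, 0, 2), "esr": (91, 6, 1)}

# Assumed format of `firefox --version` output, e.g.
# "Mozilla Firefox 97.0.1" or "Mozilla Firefox 91.6.0esr".
VERSION_RE = re.compile(r"Mozilla Firefox (\d+)\.(\d+)(?:\.(\d+))?(esr)?\b")

def classify(version_line):
    """Return (channel, version_tuple, status) for one version line."""
    m = VERSION_RE.search(version_line)
    if not m:
        # Missing binary, beta builds, garbled output: needs a manual look.
        return ("unknown", None, "unparsed")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    channel = "esr" if m.group(4) else "release"
    # Tuple comparison orders versions numerically, so 97.0.10 > 97.0.2.
    status = "patched" if version >= FIXED[channel] else "needs-update"
    return (channel, version, status)

def audit(inventory):
    """inventory: iterable of (hostname, version_line).
    Returns a sorted list of hosts that are not confirmed patched."""
    flagged = []
    for host, line in inventory:
        channel, _version, status = classify(line)
        if status != "patched":
            flagged.append((host, channel, status))
    return sorted(flagged)

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 97.0.1"),
    ("ws-02", "Mozilla Firefox 97.0.2"),
    ("ws-03", "Mozilla Firefox 91.6.0esr"),
    ("ws-04", "Mozilla Firefox 91.6.1esr"),
    ("ws-05", "Mozilla Firefox 98.0"),
    ("ws-06", "firefox: command not found"),
]

if __name__ == "__main__":
    for host, channel, status in audit(SAMPLE):
        print(f"{host}\t{channel}\t{status}")
```

Hosts reported as `unparsed` are listed alongside outdated ones so that a machine with unreadable output is not silently treated as patched.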
Updates are also available for download at these links:
Being the true window to the Internet, browsers are often targeted by hackers. Mozilla was forced to block access to two popular plugins that had around a million users at the end of 2021 after reports that they had been compromised.
Bypass and Bypass XM, two plugins that allegedly used reverse proxies to let users access paid content, are said to have abused the proxy API, thereby interfering with browser refresh functionality.
Since users were prevented from downloading updates for the browser, as well as accessing updated block lists, the add-ons put them at risk.