Mozilla Firefox New Update FIXES Two Actively Exploited Bugs

Mozilla Firefox's new update fixes not one, but two zero-day vulnerabilities, which are actively exploited by hackers.


Mozilla Firefox New Update

Mozilla has released a bug-fixing patch for both the desktop and Android mobile clients of the Firefox web browser, as per a news story by Bleeping Computer.

On top of that, the non-profit behind the open-source browser also updated its Extended Support Release version for enterprises and its privacy-focused app, Focus, to fix the existing exploits.

The new update brings Firefox to version 97.0.2 on desktop, 97.3.0 on its Android mobile app, 97.3.0 on Focus, and 91.6.1 on the Extended Support Release.
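The version numbers above can be turned into a simple fleet check. The following is an added example, not code from the article or from Mozilla; the inventory format, the hostnames and the assumption that desktop version strings look like `Mozilla Firefox 91.6.1esr` are illustrative.

```python
import re

# Fixed versions exactly as listed in the article.
FIXED = {
    "desktop": (97, 0, 2),
    "esr": (91, 6, 1),
    "android": (97, 3, 0),
    "focus": (97, 3, 0),
}

_VERSION = re.compile(r"(\d+(?:\.\d+)*)(esr|[ab]\d+)?", re.IGNORECASE)


def parse_version(text):
    """Parse e.g. 'Mozilla Firefox 91.6.1esr' into ((91, 6, 1), 'esr')."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in match.group(1).split(".")][:3]
    parts += [0] * (3 - len(parts))  # '97.0' compares as 97.0.0
    return tuple(parts), (match.group(2) or "").lower()


def status(product, version_text):
    """Return 'patched', 'needs-update' or 'unknown' for one install."""
    version, suffix = parse_version(version_text)
    if suffix[:1] in ("a", "b"):
        return "unknown"  # alpha/beta builds are not covered by the article
    channel = "esr" if suffix == "esr" else product
    return "patched" if version >= FIXED[channel] else "needs-update"


def audit(inventory):
    """Return the hosts whose install is not confirmed patched."""
    return [host for host, product, ver in inventory
            if status(product, ver) != "patched"]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "desktop", "Mozilla Firefox 97.0.1"),
    ("ws-02", "desktop", "Mozilla Firefox 97.0.2"),
    ("ws-03", "desktop", "Mozilla Firefox 91.6.0esr"),
    ("ws-04", "desktop", "Mozilla Firefox 91.6.1esr"),
    ("ph-01", "android", "97.2.0"),
    ("ph-02", "focus", "97.3.0"),
    ("ws-05", "desktop", "Mozilla Firefox 98.0b3"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print("update required or unverified:", host)
```

ESR installs are compared against the ESR fix level rather than the release one, so a 91.6.1esr machine is not flagged merely for being below 97.0.2.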

Mozilla Firefox Update Fixes Exploits

Bleeping Computer noted in the same news story that the previous versions of the Firefox apps on various platforms have two zero-day bugs, which cyberattackers are actively exploiting.

The two zero-day vulnerabilities found in the Firefox browsers are "use-after-free" bugs, which allow cyber attackers to take control of their victims' machines.


A "use-after-free" bug arises when a program continues to use memory after it has been freed. When hackers exploit such a bug, the program or app may crash, and the attackers may take over the victim's device without consent.

The news outlet further noted that critical flaws such as the ones found in Firefox could let hackers remotely run numerous commands on their victims' devices, such as installing malware to start a cyberattack.

Firefox Security Vulnerabilities

According to a security advisory from the Mozilla Foundation, the new version of Firefox fixed security vulnerabilities, which had a "high" impact rating.

The Mozilla Foundation went on to detail the two zero-day vulnerabilities that the new update fixes.

The first is CVE-2022-26485, which the non-profit said has been abused by attackers in the wild. It was reported by Yang Kang, Huang Yi, Liu Jialei, Du Sihang, and Wang Gang of 360 ATA.

The second is CVE-2022-26486, which Mozilla also stated has been exploited in the wild. It was reported to the makers of Firefox by the same researchers who reported the first vulnerability.

It is worth noting that both of these Firefox vulnerabilities are rated "critical."

This article is owned by Tech Times

Written by Teejay Boris

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.