Firefox users should install an immediate patch, after with two critical bugs discovered that are reportedly being exploited by attackers.
The first is due to a use-after-free memory corruption issue in the Extensible Stylesheets Language Transformations (XSLT) feature, in which removing a parameter during processing could trigger an exploitable bug.
A second memory corruption bug in the WebGPU graphics acceleration feature could also trigger a use-after-free condition, and be used to escape the sandbox system protection feature in Firefox.
Mozilla has issued updated versions of Firefox, including 97.0.2, ESR 91.6.1, Android 97.3
and its privacy-oriented Focus 97.3 web browser, that handles the vulnerabilities.
In both cases, the bugs were reported to Mozilla by researchers from China-based 360 ATA.
Mozilla did not disclose further details on the reported attacks.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
Private AI vs Public AI: How your organisation can securely adopt AI without compromise and excessive cost
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
