Firefox zero-days discovered

By

Mozilla patches browser.

Firefox users should install an immediate patch, after with two critical bugs discovered that are reportedly being exploited by attackers.

Firefox zero-days discovered

The first is due to a use-after-free memory corruption issue in the Extensible Stylesheets Language Transformations (XSLT) feature, in which removing a parameter during processing could trigger an exploitable bug.

A second memory corruption bug in the WebGPU graphics acceleration feature could also trigger a use-after-free condition, and be used to escape the sandbox system protection feature in Firefox.

Mozilla has issued updated versions of Firefox, including 97.0.2, ESR 91.6.1, Android 97.3
and its privacy-oriented Focus 97.3 web browser, that handles the vulnerabilities.

In both cases, the bugs were reported to Mozilla by researchers from China-based 360 ATA. 

Mozilla did not disclose further details on the reported attacks.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
firefoxmozillasecurity

Sponsored Whitepapers

What 4 wholesale distribution challenges aren’t going away anytime soon?
What 4 wholesale distribution challenges aren’t going away anytime soon?
State of the SOC: Building Resilience in a Shifting Threat Landscape
State of the SOC: Building Resilience in a Shifting Threat Landscape
Transform IT Service Delivery with Freshworks ITSM
Transform IT Service Delivery with Freshworks ITSM
Digital Transformation That Works in the Real World
Digital Transformation That Works in the Real World
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security

Events

Most Read Articles

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study
"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party
Attackers weaponise Linux file names as malware vectors

Attackers weaponise Linux file names as malware vectors
Home Affairs adds SecOps to new cyber risk overhaul

Home Affairs adds SecOps to new cyber risk overhaul
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?