Firefox zero-days discovered

By on
Firefox zero-days discovered

Mozilla patches browser.

Firefox users should install an immediate patch, after with two critical bugs discovered that are reportedly being exploited by attackers.

The first is due to a use-after-free memory corruption issue in the Extensible Stylesheets Language Transformations (XSLT) feature, in which removing a parameter during processing could trigger an exploitable bug.

A second memory corruption bug in the WebGPU graphics acceleration feature could also trigger a use-after-free condition, and be used to escape the sandbox system protection feature in Firefox.

Mozilla has issued updated versions of Firefox, including 97.0.2, ESR 91.6.1, Android 97.3
and its privacy-oriented Focus 97.3 web browser, that handles the vulnerabilities.

In both cases, the bugs were reported to Mozilla by researchers from China-based 360 ATA. 

Mozilla did not disclose further details on the reported attacks.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Log In

  |  Forgot your password?