Firefox users should install an immediate patch, after with two critical bugs discovered that are reportedly being exploited by attackers.
The first is due to a use-after-free memory corruption issue in the Extensible Stylesheets Language Transformations (XSLT) feature, in which removing a parameter during processing could trigger an exploitable bug.
A second memory corruption bug in the WebGPU graphics acceleration feature could also trigger a use-after-free condition, and be used to escape the sandbox system protection feature in Firefox.
Mozilla has issued updated versions of Firefox, including 97.0.2, ESR 91.6.1, Android 97.3
and its privacy-oriented Focus 97.3 web browser, that handles the vulnerabilities.
In both cases, the bugs were reported to Mozilla by researchers from China-based 360 ATA.
Mozilla did not disclose further details on the reported attacks.
_(33).jpg&h=140&w=231&c=1&s=0)
_(36).jpg&h=140&w=231&c=1&s=0)
_(37).jpg&h=140&w=231&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
Huntress _declassified Virtual Event
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
Melbourne Cloud & Datacenter Convention 2026
iTnews Executive Retreat - Data & AI Edition
_(1).jpg&h=140&w=231&c=1&s=0)
