Firefox zero-days discovered

By

Mozilla patches browser.

Firefox users should install an immediate patch, after with two critical bugs discovered that are reportedly being exploited by attackers.

Firefox zero-days discovered

The first is due to a use-after-free memory corruption issue in the Extensible Stylesheets Language Transformations (XSLT) feature, in which removing a parameter during processing could trigger an exploitable bug.

A second memory corruption bug in the WebGPU graphics acceleration feature could also trigger a use-after-free condition, and be used to escape the sandbox system protection feature in Firefox.

Mozilla has issued updated versions of Firefox, including 97.0.2, ESR 91.6.1, Android 97.3
and its privacy-oriented Focus 97.3 web browser, that handles the vulnerabilities.

In both cases, the bugs were reported to Mozilla by researchers from China-based 360 ATA. 

Mozilla did not disclose further details on the reported attacks.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?