The new Mozilla Firefox update fixes not one, but two zero-day vulnerabilities, which are being actively exploited by hackers.
(Photo: by NICOLAS ASFOURI/AFP via Getty Images)
A desktop screen in an office in Bangkok on June 25, 2013 shows the homepage of the Mozilla Firefox browser with a message for its users that reads: “Security and privacy are not optional. Join a broad coalition to demand that the NSA stop watching us: stopwatching.us,” which links to a petition to the U.S. Congress to end NSA surveillance. On June 24, the White House lobbied Russia to deport US intelligence leaker Edward Snowden and warned China that it had damaged confidence-building efforts by allowing him to leave Hong Kong.
Mozilla Firefox New Update
Mozilla has released a bugfix patch for the desktop and Android mobile clients of the Firefox web browser, according to a report by Bleeping Computer.
On top of that, the nonprofit organization behind the open-source browser has also updated its Extended Support Release for businesses and its privacy-focused app, Focus, to patch the exploited flaws.
The update brings the Firefox desktop browser to version 97.0.2, the Android mobile app to 97.3.0, the privacy-focused Focus app to 97.3.0, and the Extended Support Release to 91.6.1.
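The fixed versions listed above can be turned into a fleet check. The sketch below is an added example, not code from Mozilla or the original article. It assumes a constructed inventory format of `host product version` per line, channel labels of its own choosing, and that ESR builds carry an `esr` suffix in their version string. It handles the case a naive comparison gets wrong: ESR 91.6.1 is patched even though it is numerically lower than 97.0.2.

```python
import re

# Fixed versions exactly as listed in the article; the channel keys are this example's own labels.
FIXED = {
    "firefox": (97, 0, 2),
    "firefox-esr": (91, 6, 1),
    "firefox-android": (97, 3, 0),
    "focus": (97, 3, 0),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?")

def classify(product, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one installed build."""
    m = VERSION_RE.fullmatch(version.strip().lower())
    if m is None:
        return "unknown"  # e.g. a channel name instead of a version number
    channel = product.strip().lower()
    # An 'esr' suffix moves a desktop build to the ESR channel, which has its own fixed version.
    if m.group(4) and channel == "firefox":
        channel = "firefox-esr"
    fixed = FIXED.get(channel)
    if fixed is None:
        return "unknown"
    installed = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return "patched" if installed >= fixed else "vulnerable"

def audit(inventory_lines):
    """Map host -> status for every inventory line that is not confirmed patched."""
    findings = {}
    for line in inventory_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        host, product, version = fields
        status = classify(product, version)
        if status != "patched":
            findings[host] = status
    return findings

# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = [
    "ws-01 firefox 97.0.1",
    "ws-02 firefox 97.0.2",
    "ws-03 firefox 91.6.1esr",
    "ws-04 firefox 91.6.0esr",
    "ph-01 firefox-android 97.2.0",
    "ph-02 focus 97.3.0",
    "ws-05 firefox nightly",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```

Hosts reported as `unknown` need a manual look rather than being assumed safe.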
Mozilla Firefox update fixes exploits
Bleeping Computer noted in the same report that the previous release of Firefox apps on various platforms had two zero-day bugs, which cyberattackers are actively exploiting.
The two zero-day vulnerabilities found in Firefox browsers are “use-after-free” bugs. They allow attackers to take control of their victims’ machines.
(Photo: by LEON NEAL/AFP via Getty Images)
A screen displays the logo of the open-source web browser Firefox July 31, 2009, in London, as the software nears its billionth download within the next twenty-four hours. First released in 2004, the browser currently holds around 31% market share, with Microsoft’s Internet Explorer dominating the field with 60%.
“Use-after-free” bugs occur when a program uses memory that was previously freed. When attackers exploit such a bug, the program or application can crash while commands run on the victim’s device without their consent.
The outlet further noted that critical flaws such as those found in Firefox can be abused in many ways. Attackers could remotely run commands on their victims’ machines, such as installing malware to start a cyberattack.
Firefox security vulnerabilities
According to a security advisory from the Mozilla Foundation, the new version of Firefox fixes security flaws that had a “high” impact.
The Mozilla Foundation then detailed the two zero-day vulnerabilities that the new update resolves.
The first is CVE-2022-26485, which has been abused by attackers in the wild, the nonprofit said. It was reported by the folks at 360 ATA, namely Yang Kang, Huang Yi, Liu Jialei, Du Sihang, and Wang Gang.
The second is CVE-2022-26486, which Mozilla says has also been exploited in the wild. It was reported to the creators of Firefox by the same people who reported the first vulnerability.
It should be noted that both of these Firefox flaws are alarmingly classified as “critical”.
This article belongs to Tech Times
Written by Teejay Boris