Mozilla has updated Firefox to version 97.0.2 to fix two vulnerabilities that are being actively exploited in the wild. If you’re a Firefox user, you’re going to want to update as soon as possible to make sure your browser is secure.
The vulnerabilities are tracked as CVE-2022-26485 and CVE-2022-26486, and Mozilla described both on its website. “Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw,” is how the company describes CVE-2022-26485.
For CVE-2022-26486, the company said, “An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.”
Mozilla credits the discovery of the vulnerabilities to researchers at Chinese security firm Qihoo 360 ATA: Wang Gang, Liu Jialei, Du Sihang, Huang Yi, and Yang Kang.
In addition to Firefox 97.0.2, the company has updated Firefox ESR to 91.6.1, Firefox for Android to 97.3.0, and Focus to 97.3.0.
Mozilla lists these as high-impact vulnerabilities, so you definitely don’t want to wait to update Firefox. Anytime a significant vulnerability is actively being exploited, you want to get the fix as quickly as possible to keep yourself safe and secure while you browse the web.