Mozilla patches two actively exploited zero-day vulnerabilities in Firefox

The big picture: Mozilla has released new versions of its Firefox browser that correct a pair of critical zero-day vulnerabilities. Both have already been actively exploited in the wild, so you’ll want to grab the patch ASAP to avoid exposure.

The vulnerabilities, labeled CVE-2022-26485 and CVE-2022-26486, are both use-after-free (UAF) vulnerabilities that were reported to Mozilla by Chinese Internet security company Qihoo 360. As Kaspersky highlights, these types of vulnerabilities relate to the incorrect use of dynamic memory during a program’s execution.

Pointers in a program refer to data sets in dynamic memory. If a data set is deleted or moved to another block but the pointer, instead of being cleared (set to null), continues to refer to the now-freed memory, the result is a dangling pointer. If the program then allocates this same chunk of memory to another object (for example, data entered by an attacker), the dangling pointer will now reference this new data set. In other words, UAF vulnerabilities allow for code substitution.
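The dangling-reference mechanism described above, modeled as an added example (not code from Mozilla, Kaspersky or this article): a constructed two-slot pool stands in for the heap so that reuse is deterministic, and the names `pool_alloc`, `pool_free`, `deref_unchecked` and `deref_checked` are hypothetical. It goes one step beyond the text by contrasting the stale reference with a generation-counted handle, one common way to detect reuse.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: a tiny slot pool stands in for the heap, so reuse of
   freed memory is deterministic and the demo has no undefined behaviour. */
#define SLOTS 2
struct slot { unsigned gen; int live; char data[32]; };
static struct slot pool[SLOTS];

struct handle { int idx; unsigned gen; };  /* slot index + generation seen at alloc */

static struct handle pool_alloc(const char *contents) {
    for (int i = 0; i < SLOTS; i++) {
        if (!pool[i].live) {               /* first free slot is reused */
            pool[i].live = 1;
            snprintf(pool[i].data, sizeof pool[i].data, "%s", contents);
            return (struct handle){ i, pool[i].gen };
        }
    }
    return (struct handle){ -1, 0 };       /* pool exhausted */
}

static void pool_free(struct handle h) {
    if (h.idx < 0 || h.idx >= SLOTS) return;
    if (!pool[h.idx].live || pool[h.idx].gen != h.gen) return; /* stale or double free */
    pool[h.idx].live = 0;
    pool[h.idx].gen++;                     /* invalidates every outstanding handle */
}

/* Unchecked access: uses only the index, like a raw dangling pointer. */
static const char *deref_unchecked(struct handle h) {
    return pool[h.idx].data;
}

/* Checked access: returns NULL when the handle no longer matches the slot. */
static const char *deref_checked(struct handle h) {
    if (h.idx < 0 || h.idx >= SLOTS) return NULL;
    if (!pool[h.idx].live || pool[h.idx].gen != h.gen) return NULL;
    return pool[h.idx].data;
}

int main(void) {
    struct handle doc = pool_alloc("trusted object");
    pool_free(doc);                        /* doc now dangles */
    pool_alloc("unrelated input");         /* same slot handed to a new object */
    printf("unchecked: %s\n", deref_unchecked(doc));
    printf("checked:   %s\n", deref_checked(doc) ? "valid" : "stale handle rejected");
    return 0;
}
```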

CVE-2022-26485 relates to a UAF flaw in XSLT parameter processing, while CVE-2022-26486 is a UAF in the WebGPU IPC framework. Mozilla said in its security advisory that it has reports of attacks in the wild exploiting both bugs.

You can grab the latest version of Mozilla Firefox for your platform of choice over on our downloads page or update manually through Firefox’s integrated help menu.

Mozilla’s Firefox has given up significant market share over the last decade or so. According to StatCounter, roughly a third of desktops worldwide used Firefox at the end of 2010. A year later, Google’s Chrome shot up in popularity and passed Firefox. By mid-2012, Chrome passed Microsoft’s Internet Explorer and hasn’t looked back.

As of last month, Firefox accounted for just 9.46 percent of the global desktop browser market. Industry leader Chrome, meanwhile, was used on 64.91 percent of machines.

Image credit Nata Figueiredo
