“We have had reports of attacks in the wild abusing this flaw,” Mozilla notes in its advisory. The first of the vulnerabilities can be triggered by removing an Extensible Stylesheet Language Transformations (XSLT) parameter during processing, while the second bug is triggered by an unexpected message in the WebGPU inter-process communication (IPC) framework. Tracked as CVE-2022-26485 and CVE-2022-26486 and rated “critical severity,” the two security holes are use-after-free issues that were discovered and reported by security researchers with Qihoo 360 ATA. Mozilla over the weekend issued an emergency security update for Firefox to address two zero-day vulnerabilities that have been exploited in attacks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |