The large image: Mozilla has launched new variations of its Firefox browser that appropriate a pair of essential zero-day vulnerabilities. Each have already been actively exploited within the wild, so you may wish to seize the patch ASAP to keep away from publicity.
The vulnerabilities, labeled CVE-2022-26485 and CVE-2022-26486, are each use-after-free (UAF) vulnerabilities that had been reported to Mozilla by Chinese language Web safety firm Qihoo 360. As Kaspersky highlights, some of these vulnerabilities relate to the inaccurate use of dynamic reminiscence throughout a program’s execution.
Pointers in a program consult with information units in dynamic reminiscence. If an information set is deleted or moved to a different block however the pointer, as a substitute of being cleared (set to null), continues to consult with the now-freed reminiscence, the result’s a dangling pointer. If this system then allocates this identical chunk of reminiscence to a different object (for instance, information entered by an attacker), the dangling pointer will now reference this new information set. In different phrases, UAF vulnerabilities permit for code substitution.
CVE-2022-26485 pertains to a UAF flaw in XSLT parameter processing, whereas the opposite offers with UAF within the WebGPU PIC framework. Mozilla in its safety advisory mentioned they’ve experiences of assaults within the wild using each bugs.
You may seize the most recent model of Mozilla Firefox in your platform of selection over on our downloads web page or replace manually via Firefox’s built-in assist menu.
Mozilla’s Firefox has given up vital market share during the last decade or so. In keeping with StatCounter, roughly a 3rd of desktops worldwide used Firefox on the finish of 2010. A yr later, Google’s Chrome shot up in recognition and handed Firefox. By mid-2012, Chrome handed Microsoft’s Web Explorer and hasn’t regarded again.
As of final month, Firefox accounted for simply 9.46 % of the worldwide desktop browser market. Business chief Chrome, in the meantime, was used on 64.91 % of machines.
Picture credit score Nata Figueiredo