The large image: Mozilla has launched new variations of its Firefox browser that appropriate a pair of vital zero-day vulnerabilities. Each have already been actively exploited within the wild, so you may wish to seize the patch ASAP to keep away from publicity.
The vulnerabilities, labeled CVE-2022-26485 and CVE-2022-26486, are each use-after-free (UAF) vulnerabilities that had been reported to Mozilla by Chinese language Web safety firm Qihoo 360. As Kaspersky highlights, all these vulnerabilities relate to the wrong use of dynamic reminiscence throughout a program’s execution.
Pointers in a program discuss with knowledge units in dynamic reminiscence. If an information set is deleted or moved to a different block however the pointer, as an alternative of being cleared (set to null), continues to discuss with the now-freed reminiscence, the result’s a dangling pointer. If this system then allocates this similar chunk of reminiscence to a different object (for instance, knowledge entered by an attacker), the dangling pointer will now reference this new knowledge set. In different phrases, UAF vulnerabilities permit for code substitution.
CVE-2022-26485 pertains to a UAF flaw in XSLT parameter processing, whereas the opposite offers with UAF within the WebGPU PIC framework. Mozilla in its safety advisory mentioned they’ve stories of assaults within the wild using each bugs.
You’ll be able to seize the most recent model of Mozilla Firefox in your platform of alternative over on our downloads web page or replace manually by way of Firefox’s built-in assist menu.
Mozilla’s Firefox has given up important market share during the last decade or so. In keeping with StatCounter, roughly a 3rd of desktops worldwide used Firefox on the finish of 2010. A yr later, Google’s Chrome shot up in reputation and handed Firefox. By mid-2012, Chrome handed Microsoft’s Web Explorer and hasn’t regarded again.
As of final month, Firefox accounted for simply 9.46 p.c of the worldwide desktop browser market. Business chief Chrome, in the meantime, was used on 64.91 p.c of machines.
Picture credit score Nata Figueiredo
