Jump to content
  • Firefox 97.0.2 and Firefox ESR 91.6.1 are out with critical security fixes


    Karlston

    • 576 views
    • 2 minutes
     Share


    • 576 views
    • 2 minutes

    Mozilla released new versions of its Firefox web browser on March 5, 2022. The new browser versions fix two critical security vulnerabilities in the Firefox web browser.

     

    Updates are available for Firefox 97.0.2 Stable, Firefox ESR 91.6.1, Firefox for Android 97.3.0 and Firefox Focus 97.3.0.

     

    All browser versions are configured to update automatically, but that happens on a scheduled rollout and not instantly. Firefox desktop users may speed up the installation of the security update by doing the following: Select Menu > Help > About Firefox

     

    A small window opens that displays the version that is installed currently. Firefox runs a check for updates when the window opens, and will either download the new update automatically or on user request. Firefox needs to be restarted to complete the process. Versions 97.02 or 91.6.1 should be displayed afterwards when the about window is opened, depending on the branch of Firefox that is used.

     

    Firefox on Android is updated through Google Play. There is no option to speed up the installation of the update via Google Play.

     

    The official release notes list the following fixed security vulnerabilities in the Firefox releases:

     

    Critical -- CVE-2022-26485: Use-after-free in XSLT parameter processing

     

    Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.

     

    Critical -- CVE-2022-26486: Use-after-free in WebGPU IPC Framework

     

    An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.

     

    Both vulnerabilities have a severity rating of critical, the highest rating available. Mozilla notes that both vulnerabilities are exploited in the wild, but it is unclear how widespread the attacks are. The linked bugs are not public.

     

    Firefox users are encouraged to update their browsers as soon as possible to protect the browser and data against attacks targeting the vulnerabilities.

     

     

     

    Firefox 97.0.2 and Firefox ESR 91.6.1 are out with critical security fixes

     

    Frontpaged: Mozilla Firefox Browser 97.0.2

    • Like 2
    • Thanks 1

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...