Mozilla released new versions of its Firefox web browser on March 5, 2022. The new browser versions fix two critical security vulnerabilities in the Firefox web browser.
Updates are available for Firefox 97.0.2 Stable, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Firefox Focus 97.3.0.
All browser versions are set to update automatically, but that happens on a scheduled release and not instantly. Firefox desktop users can speed up the installation of the security update by doing the following: Select Menu > Help > About Firefox.
A small window opens showing the version that is currently installed. Firefox runs a check for updates when the window is opened and will download the new update automatically or at the user’s request. Firefox must be restarted to complete the process. Versions 97.02 or 91.6.1 should be displayed afterward when the About window is opened, depending on the branch of Firefox being used.
Firefox on Android is updated through Google Play. There is no option to speed up the update installation through Google Play.
The official Release Notes list the following security vulnerabilities fixed in versions of Firefox:
Critical — CVE-2022-26485: Use-after-free in XSLT parameter processing
Removing an XSLT parameter during processing could have led to exploitable use after release. We have received reports of attacks in the wild abusing this flaw.
Crítico — CVE-2022-26486: Use-after-free en WebGPU IPC Framework
An unexpected message in the WebGPU IPC framework could lead to an exploitable and use-after-free sandbox escape. We have received reports of attacks in the wild abusing this flaw.
Both vulnerabilities have a severity rating of Critical, the highest rating available. Mozilla notes that both vulnerabilities are exploited in the wild, but it’s unclear how widespread the attacks are. Linked errors are not public.
Firefox users are advised to update their browsers as soon as possible to protect the browser and data from exploit-targeted attacks.
advertising