Firefox fixes two zero-day vulnerabilities


Mozilla has released an unscheduled update that fixes two critical zero-day vulnerabilities in Firefox. Both vulnerabilities are being actively exploited in network attacks on browser users.

The first vulnerability, CVE-2022-26485, stems from an error in the processing of XSLT parameters and can be used to remotely execute arbitrary code on a user's computer when they visit a specially crafted website.

The second vulnerability, CVE-2022-26486, was found in the WebGPU IPC Framework and allows a remote attacker to escape the sandbox. Vulnerabilities of this type can be used on their own (for example, for unauthorized access to files) or in combination with RCE bugs, allowing malicious code to bypass the security restrictions set by the browser and making an already bad situation worse.

Updates are available for Firefox 97.0.2 Stable, Firefox ESR 91.6.1, Firefox for Android 97.3.0 and Firefox Focus 97.3.0.
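To confirm the out-of-band update has reached every endpoint, the fixed versions listed above can be checked against a software inventory. The following is an added example, not code from Mozilla or this article; the product keys, the CSV layout and the inventory rows are constructed assumptions.

```python
# Minimum fixed versions, taken from the article. Product keys are assumed names.
FIXED = {
    "firefox": (97, 0, 2),
    "firefox-esr": (91, 6, 1),
    "firefox-android": (97, 3, 0),
    "firefox-focus": (97, 3, 0),
}

# Constructed sample inventory: host, product key, reported version string.
SAMPLE_INVENTORY = """\
ws-001,firefox,97.0.1
ws-003,firefox-esr,91.6.0esr
ws-004,firefox-esr,91.6.1esr
ph-010,firefox-android,97.2.0
ph-011,firefox-focus,97.3.0
ws-005,firefox,98.0
ws-006,firefox,not-a-version
"""

def parse_version(text):
    """Turn '91.6.0esr' or '98.0' into a 3-tuple of ints; raise ValueError if malformed."""
    core = text.strip().lower()
    core = core[:-3] if core.endswith("esr") else core
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def audit(inventory_text):
    """Return (needs_update, unknown) lists of (host, product, version) rows."""
    needs_update, unknown = [], []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, product, version = (f.strip() for f in line.split(","))
        try:
            fixed = FIXED[product]
            installed = parse_version(version)
        except (KeyError, ValueError):
            unknown.append((host, product, version))  # never assume "patched"
            continue
        if installed < fixed:  # tuple comparison: major, then minor, then patch
            needs_update.append((host, product, version))
    return needs_update, unknown

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Rows with an unknown product or an unparseable version (beta or nightly strings, for example) are returned separately for manual review instead of being counted as up to date.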
