Mozilla has released an update to Firefox due to two high-risk security vulnerabilities that it says are currently being actively exploited by criminals.
The zero-day errors CVE-2022-26485 and CVE-2022-26486, described as issues affecting the XSLT language, which is based on XML and is used to convert XML documents into web pages or PDF documents, as well as WebGPU which is a new web standard, a successor to the current library graphics WebGL JavaScript.
Mozilla says it has had reports of attacks exploiting the two vulnerabilities, but has not released technical details about the attacks or the ID card of the malicious actors who exploit them.
Qihoo 360 ATA security researchers Wang Gang, Liu Jialei, Du Sihang, Huang Yi and Yang Kang have been credited with discovering and reporting deficiencies.
Considering the active exploitation of these bugs so far, it is recommended to users to upgrade as soon as possible in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Focus 97.3.0 and Thunderbird 91. 6.2.
