Mozilla has promoted information of Firefox due to two high-risk security vulnerabilities that, as it states, are currently being actively exploited by criminals.
The zero-days errors CVE-2022-26485 και CVE-2022-26486, described as issues that affect the XSLT language, or which is based on XML and usesται για τη μετατροπή εγγράφων XML σε ιστοσελίδες ή έγγραφα PDF, καθώς και το WebGPU που είναι ένα καινούργιο πρότυπο ιστού, διάδοχος της τρέχουσας βιβλιοθήκης γραφικών WebGL JavaScript.
Mozilla says it has had reports of attacks exploiting the two vulnerable points, but did not announce technical details about the hacks or the ID card of the malicious actors who exploit them.
Security researchers Wang Gang, Liu Jialei, Du Sihang, Huang Yi and Yang Kang of Qihoo 360 ATA have been credited with discovery and the reporting of deficiencies.
Considering the active exploitation of these bugs so far, it is recommended to users to upgrade as soon as possible σε Firefox 97.0.2, Firefox ESR 91.6.1, Firefox για Android 97.3.0, Focus 97.3.0 and Thunderbird 91.6.2.