Mozilla has pushed an update to Firefox due to two high-risk security vulnerabilities, which, as it states, are currently being actively exploited by criminals.
The zero-day errors CVE-2022-26485 and CVE-2022-26486, described as issues that affect the XSLT language, which is based on XML and used for conversion εγγράφων XML σε ιστοσελίδες ή έγγραφα PDF, καθώς και το WebGPU που είναι ένα καινούργιο πρότυπο ιστού, διάδοχος της τρέχουσας βιβλιοθήκης γραφικών WebGL JavaScript.
Mozilla says it has had reports of attacks exploiting the two vulnerabilities, but did not release technical details about the hacks or the identity of the malicious actors exploiting them.
Qihoo 360 ATA security researchers Wang Gang, Liu Jialei, Du Sihang, Huang Yi and Yang Kang have been credited with discovering and reporting deficiencies.
Considering the active exploitation of these errors so far, it is recommended to users to upgrade as soon as possible in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Focus 97.3.0 and Thunderbird 91.6.2.