Mozilla has released an update to Firefox due to two high-risk security vulnerabilities that it says are currently being actively exploited by criminals.
The zero-day errors CVE-2022-26485 and CVE-2022-26486, described as issues that affect the XSLT language, which is based on XML and used for conversion εγγράφων XML σε ιστοσελίδες ή έγγραφα PDF, καθώς και το WebGPU που είναι ένα καινούργιο πρότυπο ιστού, διάδοχος της τρέχουσας βιβλιοθήκης γραφικών WebGL JavaScript.
Mozilla says it has had reports of attacks exploiting the two vulnerable σημεία, αλλά δεν ανακοίνωσε τεχνικές λεπτομέρειες σχετικά με τις εισβολές ή την ID card of the malicious actors who exploit them.
The researchers security researchers Wang Gang, Liu Jialei, Du Sihang, Huang Yi and Yang Kang of Qihoo 360 ATA have been credited with discovering and reporting the flaws.
Considering the active exploitation of these errors so far, it is recommended to users to upgrade as soon as possible in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Focus 97.3.0 and Thunderbird 91. 6.2.