Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero days. Both are use-after-free bugs, which are memory-corruption issues that occur when an application continues to try to use a chunk of memory that was assigned to it, after said chunk was freed up for use by a different application. This kind of problem can lead to remote code execution (RCE), data corruption and system crashes. The first bug addressed by Mozilla, CVE-2022-26485, is a use-after-free problem in the browser’s XSLT parameter processing. XSLT parameters are used for creating stylesheets that are used to determine the look and feel of a website.