Mozilla Releases Emergency Update for Firefox Browser
NERC and the Regional Entities Comments in the FERC Technical Conference Regarding “Modernizing Electricity Market Design”
March 9, 2022Attackers can manipulate Amazon’s Echo smart device via its speakers
March 9, 2022
Summary:
Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero days. Both are use-after-free bugs, which are memory-corruption issues that occur when an application continues to try to use a chunk of memory that was assigned to it, after said chunk was freed up for use by a different application. This kind of problem can lead to remote code execution (RCE), data corruption and system crashes. The first bug addressed by Mozilla, CVE-2022-26485, is a use-after-free problem in the browser’s XSLT parameter processing. XSLT parameters are used for creating stylesheets that are used to determine the look and feel of a website.
Additional Discussion:
Link:
