Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)

Help Net Security

Mozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities (CVE-2022-26485, CVE-2022-26486) exploited by attackers in the wild. About the vulnerabilities (CVE-2022-26485, CVE-2022-26486) The two patched zero-days are both memory corruption bugs of the “use-after-free” kind, meaning that they may allow attackers to use memory that has been freed by the program. CVE-2022-26485 affects XSLT parameter processing and can be used to achieve remote code execution within the … More →

The post Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486) appeared first on Help Net Security.