Mozilla have released patches for two zero-day exploits which were recently reported by researchers at 360 ATA. A zero-day is an unpatched software vulnerability that is being actively exploited in the wild. In other words, since the vulnerability is already being exploited, there are “zero days” to spare in finding a solution.

CVE-2022-26485 and CVE-2022-26486 are considered memory corruption bugs, which allow for remote code execution and escape from the application's sandbox. Mozilla acknowledged that these exploits have been in use but have not shared details about the malicious actors involved.

If you are a Firefox user, upgrade Firefox to version 97.0.2, Firefox Focus to 87.3.0, Android Firefox mobile app to 97.3.0 and Thunderbird to 91.6.2 as soon as possible.
