[German]Mozilla Mozilla developers have released versions 97.0.2 and 95.6.1esr of the Firefox browser on March 5, 2022. This is a security update that fixes two critical vulnerabilities, according to the Security Advisory. Thanks to EP for the tip.
Advertising
Firefox 97.0.2
According to the release notes, the March 5, 2022 update addresses the following critical vulnerabilities:
- CVE-2022-26485: Use-after-free in XSLT parameter processing: critical; Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.
- CVE-2022-26486: Use-after-free in WebGPU IPC Framework: critical; An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
Firefox 91.6.1esr
An update to Firefox 91.6.1esr with one year of long-term support has also been provided with the same fix to address the above vulnerabilities.
The new Firefox and ESR variants can be downloaded from this website for various platforms (choose the variant from the list boxes shown).
