Firefox 97.0.2 and 91.6.1 ESR released – critical security fixes

Mozilla[German]Mozilla Mozilla developers have released versions 97.0.2 and 95.6.1esr of the Firefox browser on March 5, 2022. This is a security update that fixes two critical vulnerabilities, according to the Security Advisory. Thanks to EP for the tip.


Firefox 97.0.2

According to the release notes, the March 5, 2022 update addresses the following critical vulnerabilities:

  • CVE-2022-26485: Use-after-free in XSLT parameter processing: critical; Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.
  • CVE-2022-26486: Use-after-free in WebGPU IPC Framework: critical; An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.

Firefox 91.6.1esr

An update to Firefox 91.6.1esr with one year of long-term support has also been provided with the same fix to address the above vulnerabilities.

The new Firefox and ESR variants can be downloaded from this website for various platforms (choose the variant from the list boxes shown). 

Cookies helps to fund this blog: Cookie settings

This entry was posted in browser, Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *