Mozilla fixes zero-day vulnerabilities in Firefox 97.0.2, Firefox ESR 91.6.1 and Thunderbird 91.6.2

Hey everyone,

Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1 and Thunderbird 91.6.2, security updates that fix two zero-day vulnerabilities.

The vulnerabilities are tracked as CVE-2022-26485 and CVE-2022-26486. For both, Mozilla said, "We have had reports of attacks in the wild abusing this flaw."

The details of the vulnerabilities fixed can be found below:

| CVE ID | Description | Impact |
|---|---|---|
| CVE-2022-26485 | Use-after-free in XSLT parameter processing | Critical |
| CVE-2022-26486 | Use-after-free in WebGPU IPC Framework | Critical |

To install these patches, initiate a sync between the Central Patch Repository and the Desktop Central / Patch Manager Plus / Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

Firefox 97.0.2

| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 323846 | TU-027 | Mozilla Firefox (97.0.2) |
| 323847 | TU-027 | Mozilla Firefox (x64) (97.0.2) |
| 603652 | MAC-006 | Mozilla Firefox For Mac (97.0.2) |

Firefox ESR 91.6.1

| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 323848 | TU-054 | Mozilla Firefox ESR (91) (91.6.1) |
| 323849 | TU-054 | Mozilla Firefox ESR (91) (x64) (91.6.1) |
| 803100 | DSA-5090-1 | Firefox-ESR security update (x64) for Linux |
| 803101 | DSA-5090-1 | Firefox-ESR security update for Linux |
| 603653 | MAC-111 | Mozilla Firefox ESR for MAC 91.6.1 |

Mozilla Thunderbird 91.6.2

| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 323852 | TU-054 | Mozilla Thunderbird (91) (91.6.2) |
| 323853 | TU-054 | Mozilla Thunderbird (91) (x64) (91.6.2) |
| 603654 | MAC-007 | Mozilla Thunderbird For Mac (91.6.2) |

Cheers,
The ManageEngine Team