Mozilla fixes zero-day vulnerabilities in Firefox 97.0.2, Firefox ESR 91.6.1 and Thunderbird 91.6.2
Hey everyone,
Mozilla has released security updates to fix two zero-day vulnerabilities in Firefox 97.0.2, Firefox ESR 91.6.1 and Thunderbird 91.6.2.
Tracked as CVE-2022-26485 and CVE-2022-26486, Mozilla said, "We have had reports of attacks in the wild abusing this flaw." for both the vulnerabilities.
The details of the vulnerabilities fixed can be found below:
CVE ID | Description | Impact |
CVE-2022-26485 | Use-after-free in XSLT parameter processing | Critical |
CVE-2022-26486 | Use-after-free in WebGPU IPC Framework | Critical |
To install these patches, initiate a sync between the Central Patch Repository and the Desktop Central / Patch Manager Plus / Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.
Firefox 97.0.2
Patch ID | Bulletin ID | Patch Description |
323846 | TU-027 | Mozilla Firefox (97.0.2) |
323847 | TU-027 | Mozilla Firefox (x64) (97.0.2) |
603652 | MAC-006 | Mozilla Firefox For Mac (97.0.2) |
Firefox ESR 91.6.1
Patch ID | Bulletin ID | Patch Description |
323848 | TU-054 | Mozilla Firefox ESR (91) (91.6.1) |
323849 | TU-054 | Mozilla Firefox ESR (91) (x64) (91.6.1) |
803100 | DSA-5090-1 | Firefox-ESR security update (x64) for Linux |
803101 | DSA-5090-1 | Firefox-ESR security update for Linux |
603653 | MAC-111 | Mozilla Firefox ESR for MAC 91.6.1 |
Mozilla Thunderbird 91.6.2
| Patch ID | Bulletin ID | Patch Description |
| 323852 | TU-054 | Mozilla Thunderbird (91) (91.6.2) |
| 323853 | TU-054 | Mozilla Thunderbird (91) (x64) (91.6.2) |
| 603654 | MAC-007 | Mozilla Thunderbird For Mac (91.6.2) |
Cheers,
The ManageEngine Team