Firefox patches two actively exploited 0-day holes: update now!

2022-03-05 19:06

Mozilla has published Firefox 97.0.2, an "Out-of-band" update that closes two bugs that are officially listed as critical.

Access to the details of the bugs is still restricted to Mozilla insiders, presumably to make it harder for attackers to get at the technical details of how to exploit these security holes.

This sort of security hole can typically be abused on its own, or in combination with an RCE bug to allow implanted malware to escape from the security confines imposed by your browser, thus making an already bad situation even worse.

If you are out of date then Firefox will offer to fetch the update and then present a button; click the button, or exit and restart the browser, to deploy the update.

The version numbers you want are: Firefox 97.0.2, or Firefox 91.6.1 ESR, or Firefox 97.3.0 for Android.

Note that if you are not yet on the latest major version, you may need to complete the update in multiple stages, so be sure to re-visit the About Firefox dialog after each update has been installed, to make sure you have finished all needed update-and-restart cycles.

News URL

https://nakedsecurity.sophos.com/2022/03/05/firefox-patches-two-in-the-wild-exploits-update-now/

#0day #firefox