Security News > 2022 > March > Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs
Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to fix two critical zero-day vulnerabilities actively exploited in attacks.
As Mozilla's security advisory explains, the Firefox developers are aware of "Reports of attacks in the wild" actively exploiting these vulnerabilities.
While Mozilla has not shared how threat actors use these zero-day vulnerabilities in attacks, it was likely done by redirecting Firefox users to maliciously crafted web pages.
These vulnerabilities were discovered and disclosed to Mozilla by Chinese cybersecurity company Qihoo 360 ATA. Due to the critical nature of these bugs, and they are being actively exploited, it is strongly recommended that all Firefox users update their browsers immediately.
Users can manually check for new updates by going to the Firefox menu > Help > About Firefox.
Firefox will then automatically check for and install the latest update and prompt you to restart your browser.
News URL
Related news
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Mozilla patches critical Firefox vuln that attackers are already exploiting (source)
- Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) (source)