Security News > 2022 > March > Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape
Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero days.
The first bug addressed by Mozilla, CVE-2022-26485, is a use-after-free problem in the browser's XSLT parameter processing.
"Removing an XSLT parameter during processing could have led to an exploitable use-after-free," according to Mozilla's advisory over the weekend.
"An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape," according to Mozilla.
The second is being used for sandbox escape, as noted by Mozilla.
"This sort of security hole can typically be abused on its own, or in combination with an RCE bug to allow implanted malware to escape from the security confines imposed by your browser, thus making an already bad situation even worse," Ducklin noted in a Saturday overview.
News URL
https://threatpost.com/firefox-zero-day-bugs-rce-sandbox-escape/178779/
Related news
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (source)
- Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks (source)
- HPE Aruba Networking fixes four critical RCE flaws in ArubaOS (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)
- Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (source)
- PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers (source)
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (source)
- QNAP QTS zero-day in Share feature gets public RCE exploit (source)
- TP-Link fixes critical RCE bug in popular C5400X gaming router (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-26485 | Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. | 8.8 |