Security News > 2022 > March > CISA: Patch actively exploited Firefox zero-days until March 21st
The Cybersecurity and Infrastructure Security Agency has ordered federal civilian agencies to patch two critical Firefox security vulnerabilities exploited in attacks within the next two weeks.
According to a binding operational directive issued in November, Federal Civilian Executive Branch Agencies agencies are now required to secure their systems against these vulnerabilities, with CISA giving them until March 21st to apply patches.
CISA added nine other vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence that threat actors are also actively exploiting them in the wild.
Even though BOD 22-01 only applies to FCEB agencies, CISA strongly urged all other private and public sector orgs to reduce their exposure to ongoing cyberattacks by prioritizing mitigation of these security flaws.
"These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise," CISA added.
CISA has added hundreds of vulnerabilities to its catalog of actively exploited bugs this year, ordering federal agencies to patch them as soon as possible to avoid security breaches.
News URL
Related news
- Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)