Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape

Mozilla has launched an unexpected emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero days.

The two are use-right after-cost-free bugs, which are memory-corruption issues that arise when an software continues to attempt to use a chunk of memory that was assigned to it, just after reported chunk was freed up for use by a different application. This variety of dilemma can direct to remote code execution (RCE), knowledge corruption and system crashes.

The 1st bug resolved by Mozilla, CVE-2022-26485, is a use-following-free of charge issue in the browser’s XSLT parameter processing. XSLT parameters are utilised for producing stylesheets that are applied to determine the seem and truly feel of a web site.

“Removing an XSLT parameter throughout processing could have led to an exploitable use-after-no cost,” according to Mozilla’s advisory more than the weekend.

The next bug, CVE-2022-26486, is a use-immediately after-free issue in the WebGPU IPC Framework. WebGPU is a web API that supports multimedia on webpages by employing a machine’s Graphics Processing Unit (GPU). It is utilised to assist gaming, movie conferencing and 3D modeling, between other matters.

“An unexpected concept in the WebGPU IPC framework could lead to a use-right after-absolutely free and exploitable sandbox escape,” according to Mozilla.

The enterprise didn’t offer substantially in the way of complex details, presumably to make exploitation all the far more complicated for poor actors. Nevertheless, Paul Ducklin, senior technologist with Sophos, presented some notes.

The 1st bug, he mentioned, is currently being exploited in the wild for RCE, “implying that attackers with no present privileges or accounts on your laptop or computer could trick you into jogging malware code of their option basically by luring you to an harmless-seeking but booby-trapped website.”

The next is being used for sandbox escape, as noted by Mozilla.

“This form of security hole can typically be abused on its personal (for instance, to give an attacker obtain to files that are supposed to be off limits), or in blend with an RCE bug to enable implanted malware to escape from the security confines imposed by your browser, so building an currently poor condition even worse,” Ducklin noted in a Saturday overview.

Wang Gang, Liu Jialei, Du Sihang, Huang Yi and Yang Kang of 360 ATA noted the issues.

Both of those bugs are set in the adhering to versions, and users need to update instantly:

• Firefox 97..2
• Firefox ESR 91.6.1
• Firefox for Android 97.3
• Aim 97.3
• Thunderbird 91.6.2

Sign up Currently for Log4j Exploit: Lessons Acquired and Risk Reduction Best Methods – a Live Threatpost party sked for Thurs., March 10 at 2PM ET. Sign up for Sonatype code skilled Justin Youthful as he assists you sharpen code-hunting expertise to minimize attacker dwell time. Understand why Log4j is however harmful and how SBOMs healthy into software source-chain security. Sign-up Now for this one-time Totally free celebration, Sponsored by Sonatype.