Mozilla Firefox's new update fixes not one, but two zero-day vulnerabilities, which are actively exploited by hackers.

Mozilla Firefox New Update FIXES Two Actively Exploited Bugs

Mozilla Firefox New Update

Mozilla has released a bug-fixing patch for both the desktop and Android mobile clients of the Firefox web browser, as per a news story by Bleeping Computer.

On top of that, the non-profit behind the open-source browser also updated its Extended Support Release version for enterprises and its privacy-focused app, Focus, to fix the existing exploits.

The new update brings Firefox to version 97.0.2 on desktop, 97.3.0 on its Android mobile app, 97.3.0 on its privacy-focused Focus app, and 91.6.1 on the Extended Support Release.

Mozilla Firefox Update Fixes Exploits

Bleeping Computer noted in the same news story that the previous versions of the Firefox apps on various platforms have two zero-day bugs, which attackers are actively exploiting.

The two zero-day vulnerabilities found in the Firefox browsers are "use-after-free" bugs, which can allow attackers to take control of their victims' machines.

A "use-after-free" bug occurs when a program uses memory after it has already been freed. Exploiting such a bug can crash the program or app while letting attackers run commands on the victim's device without consent.

The news outlet further noted that critical vulnerabilities such as the ones found in Firefox can be abused in many ways. Attackers could remotely run numerous commands on a victim's machine, such as installing malware to start a cyberattack.

Firefox Security Vulnerabilities

According to a security advisory from the Mozilla Foundation, the new version of Firefox fixed security vulnerabilities, which had a "high" impact rating.

The Mozilla Foundation went on to detail the two zero-day vulnerabilities that the new update fixes.

The first is CVE-2022-26485, which the non-profit said has been abused by attackers in the wild. It was reported by the folks from 360 ATA, namely Yang Kang, Huang Yi, Liu Jialei, Du Sihang, and Wang Gang.

The second is CVE-2022-26486, which Mozilla also stated has been exploited in the wild. It was reported to the makers of Firefox by the same folks who reported the first vulnerability.

It is worth noting that both of these Firefox vulnerabilities are alarmingly rated as "critical."

This article is owned by Tech Times

Written by Teejay Boris
