top of page
Search

Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape


Both vulnerabilities are use-after-free issues in Mozilla’s popular web browser.


Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero days.


Both are use-after-free bugs, which are memory-corruption issues that occur when an application continues to try to use a chunk of memory that was assigned to it, after said chunk was freed up for use by a different application. This kind of problem can lead to remote code execution (RCE), data corruption and system crashes.


The first bug addressed by Mozilla, CVE-2022-26485, is a use-after-free problem in the browser’s XSLT parameter processing. XSLT parameters are used for creating stylesheets that are used to determine the look and feel of a website.


Infosec Insiders Newsletter


“Removing an XSLT parameter during processing could have led to an exploitable use-after-free,” according to Mozilla’s advisory over the weekend.


The second bug, CVE-2022-26486, is a use-after-free issue in the WebGPU IPC Framework. WebGPU is a web API that supports multimedia on webpages by employing a machine’s Graphics Processing Unit (GPU). It’s used to support gaming, video conferencing and 3D modeling, among other things.


“An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape,” according to Mozilla.


The company didn’t provide much in the way of technical details, presumably to make exploitation all the more difficult for bad actors. However, Paul Ducklin, senior technologist with Sophos, offered some notes.


The first bug, he said, is being exploited in the wild for RCE, “implying that attackers with no existing privileges or accounts on your computer could trick you into running malware code of their choice simply by luring you to an innocent-looking but booby-trapped website.”


The second is being used for sandbox escape, as noted by Mozilla.


“This sort of security hole can typically be abused on its own (for example, to give an attacker access to files that are supposed to be off limits), or in combination with an RCE bug to allow implanted malware to escape from the security confines imposed by your browser, thus making an already bad situation even worse,” Ducklin noted in a Saturday overview.


Wang Gang, Liu Jialei, Du Sihang, Huang Yi and Yang Kang of 360 ATA reported the issues.


Both bugs are fixed in the following versions, and users should update immediately:


Firefox 97.0.2

Firefox ESR 91.6.1

Firefox for Android 97.3

Focus 97.3

Thunderbird 91.6.2

 
 
 

Comments

We understand you may need help with more than just Managed IT Services. That’s why we’ve expanded our offerings. We’re happy to offer Managed IT Services – but we’re even happier to take the much-needed care of your business technology entirely off your plate. Ready to learn more about our competitive pricing and packages? ​Contact us today so we can schedule a free onsite Network Analysis and Risk Assessment of your network infrastructure, servers, and workstations.

LATEST BLOG

CONTACT US

UNDERSTANDING IT

Learn more about Unique Solutions and what we can offer for your business.

(888) 417-5155

Unique Solutions MSP, Inc.

South Western Idaho

372 S Eagle Rd., #305

Eagle ID, 83616

Southern California

31805 Temecula Parkway, #248

Temecula, CA 92592

IT can be a complicated thing - trust us, we know. With so much terminology and moving parts to keep track of, there are a lot of concepts that can be tricky to grasp without a little guidance. We’re here to provide this guidance with a few brief guides to key IT topics.

Login to view our member area, member forum, and Newsletters! 

bottom of page