Mozilla provides out-of-sequence security updates for Firefox and Thunderbird  [07.03.22]

The current versions 97.0.2 for Firefox, 91.6.1 Firefox ESR, 97.3.0 Firefox for Android and 97.3.0 for Firefox Klar as well as the version 91.6.2 for Thunderbird close the vulnerabilities.Since attacks on the vulnerabilities are already observed, users:inside and administrator:inside should install the updates immediately.

Technical details:

The Mozilla Foundation has issued a security alert (2022-09) about two vulnerabilities in the Firefox and Klar browsers and in the Thunderbird mail program for all available platforms. The security updates close gaps that are already being actively exploited. Details on the two vulnerabilities CVE-2022-26485 and CVE-2022-26486, both rated "Critical", are not available. Both vulnerabilities are said to be a "use-after-free" flaw, i.e. the use of a pointer to memory areas that have already been released.The impact of this flaw can range from the possibility of data manipulation, the crash of the software to the execution of injected malicious code. Opening a manipulated website is said to be enough to exploit the vulnerability.

Sources (in german):

• https://ubuntu.com/security/notices/USN-5314-1
• https://www.heise.de/news/Notfallupdate-Sicherheitsluecken-in-Firefox-und-Thunderbird-werden-angegriffen-6540649.html?wt_mc=rss.red.ho.ho.atom.beitrag.beitrag
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/

Back to All news