Two of Mozilla Firefox's actively exploited bugs are gone.
A recent Tech Times article reported that the Mozilla Corporation released a bug-fixing patch for the desktop and mobile versions of its popular web browser, Mozilla Firefox.
The article also mentioned that Mozilla updated its Extended Support Release (ESR) version, used by enterprises, and its privacy-focused app, Focus, to close the same actively exploited holes.
Details on Firefox's Vulnerabilities
According to a Bleeping Computer article, the two zero-day vulnerabilities Mozilla patched, CVE-2022-26485 and CVE-2022-26486, were "use-after-free" bugs. Per Firewalls.com, these are memory corruption bugs that occur when an application keeps using a block of memory after that memory has been freed and is no longer assigned to it.
Mozilla reported in one of its blog posts that CVE-2022-26485 involves removing an Extensible Stylesheet Language Transformations (XSLT) parameter while it is still being processed, which could lead to an exploitable use-after-free. CVE-2022-26486, meanwhile, involves an unexpected message in the WebGPU Inter-Process Communication (IPC) framework that could lead to a use-after-free and an exploitable sandbox escape.
When exploited by hackers, these use-after-free bugs can crash the affected program or let the attacker issue commands to it without the device owner's permission. Through these bugs, hackers could issue almost any command to a compromised device, including downloading malware that provides further access to it.
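To make the "parameter removed during processing" scenario concrete, here is a constructed C model, added for this article and not Firefox's code (the actual mechanism of CVE-2022-26485 is not described here). It uses a toy pool allocator whose freed slots are poisoned, so the stale read is observable instead of being undefined behaviour; the unsafe routine keeps a raw pointer across a removal, the hardened one holds a reference for the duration of processing.

```c
#include <stdio.h>
#include <string.h>

/* Toy pool allocator standing in for the browser heap (constructed for this
 * example). Freed slots are poisoned, so a stale read shows up as POISON
 * instead of being undefined behaviour as it would be after a real free(). */
#define POISON 0xDEAD
#define SLOTS 4
typedef struct { int value; int refs; } Param;
static Param pool[SLOTS];

static Param *param_new(int value) {
    for (int i = 0; i < SLOTS; i++)
        if (pool[i].refs == 0) { pool[i].value = value; pool[i].refs = 1; return &pool[i]; }
    return NULL;
}
static void param_addref(Param *p) { p->refs++; }
static void param_release(Param *p) {
    if (--p->refs == 0) p->value = POISON;   /* object "freed": memory poisoned */
}

/* A parameter list owning one reference per entry; removing an entry
 * drops that reference, which frees the object if nobody else holds one. */
typedef struct { Param *items[SLOTS]; int count; } ParamList;
static void list_remove(ParamList *l, int idx) {
    param_release(l->items[idx]);
    for (int i = idx; i + 1 < l->count; i++) l->items[i] = l->items[i + 1];
    l->count--;
}

/* Vulnerable pattern: keep an unowned pointer across a step that may remove
 * the parameter, then read through it. Returns what was read (POISON). */
int process_unsafe(void) {
    memset(pool, 0, sizeof pool);
    ParamList l = { { param_new(42) }, 1 };
    Param *p = l.items[0];          /* raw pointer, no reference held */
    list_remove(&l, 0);             /* last reference dropped: p now dangles */
    return p->value;                /* use-after-free: reads POISON (0xDEAD) */
}

/* Hardened pattern: hold a strong reference while processing, so removal
 * from the list cannot free the object out from under us. Returns 42. */
int process_safe(void) {
    memset(pool, 0, sizeof pool);
    ParamList l = { { param_new(42) }, 1 };
    Param *p = l.items[0];
    param_addref(p);                /* we now co-own the object */
    list_remove(&l, 0);             /* list's reference gone, ours keeps it alive */
    int v = p->value;               /* valid read: 42 */
    param_release(p);               /* drop our reference; only now is it freed */
    return v;
}

int main(void) {
    printf("unsafe read: 0x%X, safe read: %d\n", process_unsafe(), process_safe());
    return 0;
}
```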
Firefox developers are aware that these bugs are being actively exploited by remote attackers. The vulnerabilities were discovered and disclosed to Mozilla by Qihoo 360 ATA, a Chinese cybersecurity company.
How to Protect Yourself from 'Use-After-Free' Bugs
Because of the critical nature of the bugs, Bleeping Computer advises people to install Firefox's latest version on every device they use, including Windows, macOS, and Linux.
Alternatively, users can check for updates manually from Firefox's menu by selecting Help and then About Firefox. The browser then checks for and installs the latest update and asks you to restart Firefox once installation is complete.
Firefox may not be the only browser with use-after-free bugs. Google Chrome, for example, has also been reported to have had such a bug, per Kaspersky's article.
As such, people are advised to keep every Internet-connected web browser updated to get the latest protection. Kaspersky also recommends installing security solutions on all devices with Internet access as a fallback in case the browser is out of date.
Meanwhile, the Center for Internet Security (CIS) adds to Kaspersky's tips, advising people to avoid untrusted websites and links provided by unknown or untrusted sources. It also reminds people to inform and educate others about the threats posed by hyperlinks in emails or attachments from untrusted sources, and to run all software as a user without administrative privileges to limit the impact of a successful use-after-free exploitation.