Rewterz Threat Advisory – Mozilla Firefox, Firefox ESR, Firefox for Android, Focus, Thunderbird Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-26486

A use-after-free in the WebGPU IPC framework in Mozilla Firefox, Firefox ESR, Firefox for Android, Focus, and Thunderbird could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2022-26485

A use-after-free in XSLT parameter processing in Mozilla Firefox, Firefox ESR, Firefox for Android, Focus, and Thunderbird could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Impact

  • Code Execution
  • Denial of Service

Indicators Of Compromise

CVE

  • CVE-2022-26486
  • CVE-2022-26485

Affected Vendors

  • Mozilla

Affected Products

  • Mozilla Firefox 97
  • Mozilla Firefox ESR 91.6
  • Mozilla Firefox for Android 97
  • Mozilla Focus 97

Remediation

Refer to the Mozilla advisory for patch, upgrade, or suggested workaround information.

https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/