Update Firefox Right Now - Here's Why
If you primarily use the Mozilla Firefox web or mobile browser, you should update it to the latest version as soon as possible. Mozilla has just released a very important update in order to fix critical vulnerabilities found in the previous versions of the software. The vulnerabilities have been fixed in Firefox 97.0.2, Firefox for Android 97.3.0, Firefox ESR 91.6.1, and Focus 97.3.0, and their impact has been marked as "high." What exactly could happen if you don't update your Firefox browser quickly? Based on current evidence — a lot.
The bugs are so-called use-after-free exploits. This refers to vulnerabilities that make incorrect use of dynamic memory. This happens when the memory location that was previously used is freed, but the program does not remove the path to that memory, opening the door for attackers to target it. These Firefox bugs were also so-called "zero-day" vulnerabilities, meaning that Mozilla may not have known about them prior to releasing the affected Firefox patches.
Mozilla itself has stated that it has received reports of attacks that targeted these specific flaws. Using the bugs allows attackers to potentially execute commands on your device. This could prove to be really bad — a hacker could be given access to downloading malicious software onto your device, and with the right program, that could end up in disaster.
Firefox bugs grant hackers access to your device
Mozilla has fixed two critical vulnerabilities in the latest patch, and Windows, Linux, and Android users should make sure to update their browser right now. The two vulnerabilities are referred to as CVE-2022-26485 and CVE-2022-26486. Although the company hasn't disclosed how exactly these bugs were being exploited, it's likely that attackers used the flaw in the browser to install malicious software or direct users to pre-programmed web pages without their consent. From that point on, hackers were likely able to gain further access to the user's device.
Both the flaws are of the use-after-free type, but the first flaw is found in XSLT parameter processing. If an XSLT parameter is removed mid-processing data, this could have opened the door to exploits. The second bug is found in the WebGPU IPC framework. Mozilla has received reports of both of these bugs being abused, and as they both grant unwanted access to your device, it's best to act fast.
How to update Firefox?
Updating your Mozilla Firefox browser is easy and can be done in a few quick steps, but the exact ways to do it will vary based on your device. Mozilla has links to all of the Firefox versions right there on its website. Your browser may also automatically prompt you to install the latest update, and in the event that it doesn't, simply open the Firefox menu, then the Help section, and lastly, About Firefox.
Android users can head directly to the Google Play Store in order to update their browser. Firefox is also available on iOS, so if you're an iPhone or iPad owner, check out the Apple App Store for a quick update. Windows, Linux, and macOS users can easily patch their browser online on Mozilla's website.