The vulnerabilities, labeled CVE-2022-26485 and CVE-2022-26486, are both use-after-free (UAF) vulnerabilities that were reported to Mozilla by Chinese Internet security company Qihoo 360. As Kaspersky highlights, these types of vulnerabilities relate to the incorrect use of dynamic memory during a program’s execution. CVE-2022-26485 is a UAF flaw in XSLT parameter processing, while CVE-2022-26486 is a UAF in the WebGPU IPC framework. Mozilla said in its security advisory that it has reports of attacks in the wild utilizing both bugs. You can grab the latest version of Mozilla Firefox for your platform of choice over on our downloads page or update manually through Firefox’s integrated help menu.

Mozilla’s Firefox has given up significant market share over the last decade or so. According to StatCounter, roughly a third of desktops worldwide used Firefox at the end of 2010. A year later, Google’s Chrome shot up in popularity and passed Firefox. By mid-2012, Chrome passed Microsoft’s Internet Explorer and hasn’t looked back. As of last month, Firefox accounted for just 9.46 percent of the global desktop browser market. Industry leader Chrome, meanwhile, was used on 64.91 percent of machines.