Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape
Both vulnerabilities are use-after-free issues in Mozilla's popular web browser.
Mozilla develops Firefox and related internet technologies, with vulnerability disclosures and security updates relevant to browser security and safety.
Search across headline titles and summaries.
Background for this topic.
Mozilla is an open-source software organization best known for developing Firefox and related internet technologies. Its security relevance centers on software that parses untrusted web content: browsers expose users to malicious sites, crafted documents, extensions, and vulnerable dependencies, so flaws in rendering, JavaScript, networking, or privilege boundaries can have serious consequences.
Mozilla publishes security advisories for Firefox and maintains release channels including Extended Support Release (ESR), providing data for vulnerability and patch management. High-severity bugs may enable code execution, sandbox escape, credential theft, or privacy exposure, although severity alone does not prove exploitation. Practitioners should track advisories and affected versions, prioritize updates, restrict untrusted extensions, and apply enterprise policies where appropriate. Firefox privacy controls, including tracking protection and anti-fingerprinting features, reduce some collection and profiling but do not replace endpoint hardening or secure identity practices.
Both vulnerabilities are use-after-free issues in Mozilla's popular web browser.
Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild
Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to fix two critical zero-day vulnerabilities actively exploited in attacks. [...]