Mozilla released a new version of its Firefox browser (100.0.2) that fixes two critical security vulnerabilities, which makes this minor update an important one. Affected products include Firefox, Firefox ESR, Firefox for Android, and Thunderbird; the fixed versions are Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, and Thunderbird 91.9.1.
You should update your browser immediately, as both vulnerabilities could have a critical impact if successfully exploited.
Vulnerabilities Fixed in Mozilla Firefox Version 100.0.2
The latest update fixes two critical issues: CVE-2022-1802 and CVE-2022-1529.
In March, Mozilla released two out-of-band updates to address a couple of critical zero-day vulnerabilities in its browser. Both vulnerabilities were actively exploited in the wild. The two zero-days, CVE-2022-26485 and CVE-2022-26486, stemmed from use-after-free issues affecting the Extensible Stylesheet Language Transformations (XSLT) parameter processing, as well as the WebGPU inter-process communication framework (IPC).