The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch two critical Firefox security vulnerabilities exploited in attacks within the next two weeks. According to a Mozilla advisory published over the weekend, the two bugs (tracked as CVE-2022-26485 and CVE-2022-26486) are Use After Free flaws that allow attackers to trigger crashes and execute maliciously crafted code on targeted devices.
Read full article on Bleeping Computer