CISA: Patch actively exploited Firefox zero-days until March 21st

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch two critical Firefox security vulnerabilities exploited in attacks within the next two weeks. According to a Mozilla advisory published over the weekend, the two bugs (tracked as CVE-2022-26485 and CVE-2022-26486) are Use After Free flaws that allow attackers to trigger crashes and execute maliciously crafted code on targeted devices.

Read full article on Bleeping Computer

 


Date:

Categorie(s):