https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Mozilla Foundation Security Advisory 2022-09

Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0

Announced: March 5, 2022
Impact: high
Products: Firefox, Firefox ESR, Firefox for Android, Focus
Fixed in:
+ Firefox 97.0.2
+ Firefox ESR 91.6.1
+ Firefox for Android 97.3
+ Focus 97.3

#CVE-2022-26485: Use-after-free in XSLT parameter processing

Reporter: Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA
Impact: critical

Description

Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.

References
* Bug 1758062

#CVE-2022-26486: Use-after-free in WebGPU IPC Framework

Reporter: Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA
Impact: critical

Description

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.

References
* Bug 1758070

Portions of this content are (c)1998-2022 by individual mozilla.org contributors. Content available under a Creative Commons license.