Mozilla has updated Firefox to version 97.0.2 to fix two active vulnerabilities currently being exploited in the wild. If you’re a Firefox user, you’re going to want to update as soon as possible to make sure your browser is secure.

You Can Get Firefox From the Microsoft Store Now
RELATEDYou Can Get Firefox From the Microsoft Store Now

The exploits are CVE-2022-26485 and CVE-2022-26486. Mozilla described the exploits on its website. “Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw,” is how the company describes CVE-2022-26485.

For CVE-2022-26486, the company said, “An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.”

Mozilla credits finding the exploits to researchers at Chinese security firm Qihoo 360 ATA, Wang Gang, Liu Jialei, Du Sihang, Huang Yi, and Yang Kang.

How to Change Browsers on Android
RELATEDHow to Change Browsers on Android

In addition to Firefox 97.0.2, the company has updated Firefox ESR to 91.6.1, Firefox for Android to 97.3.0, and Focus to 97.3.0.


Mozilla lists these as high-impact vulnerabilities, so you definitely don’t want to wait to update Firefox. Anytime a significant vulnerability is actively being exploited, you want to get the fix as quickly as possible to keep yourself safe and secure while you browse the web.