PT-2022-1782 · Mozilla +10 · Firefox Esr +14
Du Sihang +4 · Published 2022-03-05 · Updated 2025-09-29 · CVE-2022-26485
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 97.0.2
Firefox ESR versions prior to 91.6.1
Firefox for Android versions prior to 97.3.0
Thunderbird versions prior to 91.6.2
Focus versions prior to 97.3.0
Description
Removing an XSLT parameter during processing could lead to an exploitable use-after-free, in which memory is used after it has been freed. Attacks abusing this flaw have been reported in the wild, and a remote attacker could potentially execute arbitrary code.
Recommendations
For Firefox versions prior to 97.0.2, update to version 97.0.2 or later.
For Firefox ESR versions prior to 91.6.1, update to version 91.6.1 or later.
For Firefox for Android versions prior to 97.3.0, update to version 97.3.0 or later.
For Thunderbird versions prior to 91.6.2, update to version 91.6.2 or later.
For Focus versions prior to 97.3.0, update to version 97.3.0 or later.
Exploit
Fix
Use After Free
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Firefox For Android
Focus
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu