14 DAY TRIAL // Mozilla has just released a new Firefox version, and this time, the minor revision is actually pretty big news in terms of security.
This is because the new update, which brings the browser to version 100.0.2, includes two critical security fixes, so obviously, everybody is recommended to install it as soon as possible.
Mozilla has flagged both security fixes with a critical severity rating, revealing they were reported by researcher Manfred Paul of Trend Micro’s Zero Day initiative.
The first bug is a prototype pollution in Top-Level Audit implementation.
“If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context,” Mozilla says.
The second vulnerability, which is documented in CVE-2022-1529, is an untrusted input used in Javascript object indexing, and Mozilla says it also leads to prototype pollution.
“An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process,” the company says.
Update Firefox ASAP
As mentioned, all users are recommended to update to the latest Firefox version as soon as possible, especially given the security implications.
Right now, Firefox is the only big non-Chromium browser on the market, and it’s seen by many as the alternative to the domination of Google Chrome. However, third-party statistics have revealed that while Google’s browser is the number one choice out there, with a market share of nearly 70 percent, the runner-up place is currently owned by Microsoft Edge.
Microsoft’s new browser, also running on Chromium, is now the default choice in Windows 10 and Windows 11, but it’s also available on the other platforms, including Linux and macOS.