The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday announced the inclusion of 11 security holes in its Known Exploited Vulnerabilities Catalog.
CISA created the list – which now contains roughly 500 flaws – to help federal agencies prioritize patching within their environments. CISA told SecurityWeek it has evidence of in-the-wild exploitation for all of the security issues on the list.
The most recent of the newly added bugs are two zero-day vulnerabilities in Firefox, for which Mozilla issued an emergency update over the weekend.
Tracked as CVE-2022-26485 and CVE-2022-26486 and rated “critical severity,” the security holes are described as use-after-free issues. This type of flaw usually leads to arbitrary code execution.
Firefox 97.0.2, Firefox ESR…
Source link
