Firefox 97.0.2 and Thunderbird 91.6.2 emergency updates available
The updates fix vulnerabilities that are already being actively exploited.
David Fischer
The Mozilla Foundation has released emergency security updates for Firefox, Firefox Klar and Thunderbird that close vulnerabilities that are already being actively attacked.
The updates fix two vulnerabilities rated critical. These vulnerabilities are already being actively attacked and exploited by cybercriminals. Administrators and users should install the updates quickly.
The vulnerabilities are fixed in the new versions Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0 and Firefox Klar 97.3.0 (a version of Firefox with Tracking Protection and Ad Blocking enabled, known as Focus), and Thunderbird 91.6.2. The Mozilla Foundation does not give any further details about the vulnerabilities.
The security notification from the Mozilla developers gives only the CVE numbers and a short description. Both vulnerabilities are so-called use-after-free errors, in which a pointer is used after the memory area it refers to has already been released. The effects of this type of vulnerability generally range from manipulation of data and crashes of the software to execution of injected malicious code.
You can read more about the new version 97.0.2 in the Release Notes.
If you have already installed Firefox, it is best to use the update function integrated in Firefox. It will automatically offer you the Firefox 97.0.2 update as soon as it is available for your installation.
About Author
David Fischer
I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.