834631 – <www-client/firefox{-bin,}-{91.6.1,97.0.2}: code execution and sandbox escape (actively exploited)

Bug 834631 - <www-client/firefox{-bin,}-{91.6.1,97.0.2}: code execution and sandbox escape (actively exploited)

Summary: <www-client/firefox{-bin,}-{91.6.1,97.0.2}: code execution and sandbox escape...

Status:	IN_PROGRESS

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:	https://www.mozilla.org/en-US/securit...
Whiteboard:	A2 [glsa?]
Keywords:

Depends on:	834649
Blocks:	CVE-2022-26485, CVE-2022-26486
	Show dependency tree

Reported:	2022-03-05 17:28 UTC by John Helmert III
Modified:	2022-03-09 01:45 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-03-05 17:28:27 UTC

CVE-2022-26485:

Removing an XSLT parameter during processing could have lead to an
exploitable use-after-free. We have had reports of attacks in the wild
abusing this flaw.

CVE-2022-26486:

An unexpected message in the WebGPU IPC framework could lead to a
use-after-free and exploitable sandbox escape. We have had reports of
attacks in the wild abusing this flaw.

Comment 1 John Helmert III archtester

2022-03-05 17:29:13 UTC

Please stabilize ASAP, if we're able.

Comment 2 Joonas Niilola gentoo-dev

2022-03-08 08:40:46 UTC

Cleaned. 

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0923adb720b30967b3bbcbf1624dd8d4b0ab1e37