CVE-2022-26485: Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. CVE-2022-26486: An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
Please stabilize ASAP, if we're able.
Cleaned. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0923adb720b30967b3bbcbf1624dd8d4b0ab1e37
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=28683764d95cb78c056bdf67f3245ad0eb5c6bbe commit 28683764d95cb78c056bdf67f3245ad0eb5c6bbe Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-10 04:06:48 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-10 04:17:28 +0000 [ GLSA 202208-08 ] Mozilla Firefox: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/834631 Bug: https://bugs.gentoo.org/834804 Bug: https://bugs.gentoo.org/836866 Bug: https://bugs.gentoo.org/842438 Bug: https://bugs.gentoo.org/846593 Bug: https://bugs.gentoo.org/849044 Bug: https://bugs.gentoo.org/857045 Bug: https://bugs.gentoo.org/861515 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-08.xml | 147 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 147 insertions(+)
GLSA released, all done!