Severity
High
Analysis Summary
CVE-2022-26486
Mozilla Firefox, Firefox ESR, Firefox for Android, Focus and Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebGPU IPC framework. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-26485
Mozilla Firefox, Firefox ESR, Firefox for Android, Focus and Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in XSLT parameter processing. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Code Execution
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-26486
- CVE-2022-26485
Affected Vendors
- Mozilla
Affected Products
- Mozilla Firefox 97
- Mozilla Firefox ESR 91.6
- Mozilla Firefox for Android 97
- Mozilla Focus 97
Remediation
Refer to the Mozilla advisory for patch, upgrade or suggested workaround information.
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/