March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – Avaddon Ransomware – Active IOCs
March 7, 2022
Rewterz Threat Advisory – CVE-2022-26336 – Apache POI Vulnerability
March 7, 2022
Rewterz Threat Alert – Avaddon Ransomware – Active IOCs
March 7, 2022
Rewterz Threat Advisory – CVE-2022-26336 – Apache POI Vulnerability
March 7, 2022
Severity
High
Analysis Summary
CVE-2022-26486
Mozilla Firefox, Firefox ESR, Firefox for Android, Focus, Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebGPU IPC framework. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-26485
Mozilla Firefox, Firefox ESR, Firefox for Android, Focus, Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in XSLT parameter processing. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Code Execution
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-26486
- CVE-2022-26485
Affected Vendors
- Mozilla
Affected Products
- Mozilla Firefox 97
- Mozilla Firefox ESR 91.6
- Mozilla Firefox for Android 97
- Mozilla Focus 97
Remediation
Refer to Mozilla Advisory for the patch, upgrade or suggested workaround information.
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/