■■■■■ Zero-Day: CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the WebGPU inter-process communication (IPC) Framework.
XSLT is an XML-based language used for the conversion of XML documents into web pages or PDF documents, whereas WebGPU is an emerging web standard that’s been billed as a successor to the current WebGL JavaScript graphics library.
The description of the two flaws is below –
CVE-2022-26485 – Removing an XSLT parameter during processing could lead to an exploitable use-after-free
CVE-2022-26486 – An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape
https://thehackernews.com/2022/03/2-new-mozilla-firefox-0-day-bugs-under.html
https://t.me/cKure/10867