Available Corrective release Firefox 97.0.2 and 91.6.1 with elimination , which is assigned to critical problems. Vulnerabilities allow you to bypass sandbox-isolation and make the execution of your code with browser privileges when processing specially decorated content. It is argued that for both problems, the availability of working exploits, which are already used to perform attacks.
parts are not yet disclosed, it is known only that the first vulnerability (CVE-202-26485) is related to the appeal to the already liberated memory area (use After-free) in the code for processing the XSLT parameter, and the second
(CVE-2022-26486) by referring to the already released memory in the IPC framework WebGPU. All users are recommended to urgently install updates. Especially attentive to installing updates should be a Tor Browser user based on the Firefox 91 ESR-branch, since vulnerabilities can lead not only to the compromise system, but also to user deunionization.