NVD disclosure day

Published threat advisories for December 22, 2022

CVE-2022-26486

Firefox: Use-After-Free Vulnerability Leading to Sandbox Escape.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

An unexpected message in the WebGPU IPC framework could lead to a sandbox escape, allowing attackers to potentially access systems and data. Reports indicate this flaw is actively exploited in the wild, posing a business risk to organizations using affected Mozilla products.

NVD published: December 22, 2022 • CISA KEV

CVE advisoryKnown Exploit

CVE-2022-26485

Firefox and Thunderbird Use-After-Free Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability in XSLT processing may allow attackers to execute arbitrary code. Exploitation in the wild has been reported, posing a risk to affected organizations. Prompt remediation is advised.

NVD published: December 22, 2022 • CISA KEV