Firefox 97.0.2 and Firefox ESR 91.6.1 are out with critical security fixes

Martin Brinkmann
Mar 5, 2022
Firefox
|
13

Mozilla released new versions of its Firefox web browser on March 5, 2022. The new browser versions fix two critical security vulnerabilities in the Firefox web browser.

firefox 97.0.2

Updates are available for Firefox 97.0.2 Stable, Firefox ESR 91.6.1, Firefox for Android 97.3.0 and Firefox Focus 97.3.0.

All browser versions are configured to update automatically, but that happens on a scheduled rollout and not instantly. Firefox desktop users may speed up the installation of the security update by doing the following: Select Menu > Help > About Firefox

ADVERTISEMENT

A small window opens that displays the version that is installed currently. Firefox runs a check for updates when the window opens, and will either download the new update automatically or on user request. Firefox needs to be restarted to complete the process. Versions 97.02 or 91.6.1 should be displayed afterwards when the about window is opened, depending on the branch of Firefox that is used.

Firefox on Android is updated through Google Play. There is no option to speed up the installation of the update via Google Play.

The official release notes list the following fixed security vulnerabilities in the Firefox releases:

Critical -- CVE-2022-26485: Use-after-free in XSLT parameter processing

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.

Critical -- CVE-2022-26486: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.

Both vulnerabilities have a severity rating of critical, the highest rating available. Mozilla notes that both vulnerabilities are exploited in the wild, but it is unclear how widespread the attacks are. The linked bugs are not public.

Firefox users are encouraged to update their browsers as soon as possible to protect the browser and data against attacks targeting the vulnerabilities.

Summary
Firefox 97.0.2 and Firefox ESR 91.6.1 are out with critical security fixes
Article Name
Firefox 97.0.2 and Firefox ESR 91.6.1 are out with critical security fixes
Description
Mozilla released new versions of its Firefox web browser on March 5, 2022. The new browser versions fix two critical security vulnerabilities in the Firefox web browser.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. so funny hahaha said on March 5, 2022 at 9:53 am
    Reply

    oh no! vulnerabilities, critical even. gasp! *flashback* chrome post.

  2. Dumbledalf said on March 5, 2022 at 11:26 am
    Reply

    Firefox Blink when?

    1. Dumb-ledalf said on March 5, 2022 at 12:54 pm
      Reply

      When Chrome will switch to webkit, of couse.

      1. Dumbledalf said on March 5, 2022 at 6:09 pm
        Reply

        Chrome never stopped being WebKit, just a more improved version of it. In case you didn’t know. xD

  3. Anonymous said on March 5, 2022 at 3:50 pm
    Reply

    I don’t know, but I have Firefox esr 91.7.0 (Ubuntu 20.04).
    Just sayin.

    1. Martin Brinkmann said on March 5, 2022 at 4:52 pm
      Reply
    2. Martin Brinkmann said on March 5, 2022 at 4:53 pm
      Reply

      Firefox 91.7.0 ESR does not appear to be released yet (unless downloaded from distribution mirrors) https://www.mozilla.org/en-US/firefox/91.7.0/releasenotes/

      1. Anonymous said on March 5, 2022 at 9:44 pm
        Reply

        I’m not sure how I got it, but today I received the same release through Ubuntu software(91.7.0).
        I also have 97.0.2, but I don’t normally use it – I look at the new features and test them, but
        my daily driver is the esr release.
        Thanks for the information.

      2. Anonymous said on March 6, 2022 at 7:05 am
        Reply

        You are right Martin. I get Firefox esr 91.6.1 on Windows 8.1, but it is 91.7.0 on Ubuntu.

  4. John G. said on March 5, 2022 at 4:17 pm
    Reply

    It’s a real miracle that Firefox solves something without breaking other thing. Anyway, thanks! :]

    1. Craig said on March 5, 2022 at 5:38 pm
      Reply

      I am equally shocked at this seeming impossibility! I’ve got substantial css code that makes my FF both gorgeous and very nearly perfect in function… [tabs-on-bottom, multirow BM’s, custom button’s, menus, controls and and a pile of other theme tweaks]….and not one line of it has been broken in several updates!!
      Of course, now that I’ve said that out loud, I’ll deserve all the script chaos v.98.x will now bring me…….

      1. ULBoom said on March 6, 2022 at 3:53 pm
        Reply

        @Craig,

        Mine works too, yay!

  5. DandConfuzed said on March 5, 2022 at 10:06 pm
    Reply

    I’m on Linux Mint 20.3 and I’ve been getting FF 91.7.0 ESR build variants offered up to me since 5 or so days ago and I’m still on 91.6.0 ESR as I’ll not update to a release before it’s release date. And I’ve been wondering why that I have been getting pre-release FF Builds offered to me as I’m only interested in getting the release date builds of FF ESR.

    I will not update to any new Firefox ESR/Non ESR update until it’s written about at Ghacks and a few other online sites so I can do my due diligence to make sure there are not any regressions with any new FF Update.

    But what’s up with FF 91.7.0 ESR getting offered up before it’s due date? Linux Mint’s Update manager will only offer up the latest but I’m not offered any patched version of FF 91.6.0 that should be FF 91.6.1 and not what being offered as I’m only offered FF 91.7.0 ESR build variants.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.