Satnam Narang, a senior staff research engineer at Tenable, noted in an interview that Mozilla hasn’t provided details about the exploit. “Sadly, without the full context we don’t know how widespread exploitation was,” he said. “I imagine it’s not super-wide, because if it was, we probably would have heard more about it. So I’d err on the side of this likely being used in limited fashion in targeted attacks.”
Most IT administrators have auto-updating enabled by default, he added.
Use-after-free [UAF] vulnerabilities in applications are common, Narang said. In 2023, UAF vulnerabilities were at the top of the US Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities [KEV] catalogue. By comparison, MITRE’s wider list of bugs put UAF vulnerabilities in fourth place.