Mozilla, the firm behind the popular web browser Firefox, has released a fix for two critical zero-day vulnerabilities that are actively been exploited by hackers.
The Firefox developers said that are aware of “reports of attacks in the wild” actively exploiting these vulnerabilities.
“We have had reports of attacks in the wild abusing these flaws,” said Mozilla.
Both zero-day vulnerabilities are “Use-after-free” bugs, which is when a program tries to use memory that has been previously cleared.
When threat actors exploit this kind of bug, it can cause the program to crash, allowing commands to be executed on the device without permission, reports Bleeping Computer.
“These bugs are critical because they could allow a remote attacker to execute almost any command, including the downloading of malware to provide further access to the device,” the report mentioned late on Sunday.
The company strongly recommended Firefox users to immediately update their browsers.
Mozilla recently patched nine of the 10 bugs affecting its software within 90 days of the initial report.
It also took an average 46 days to fix bugs compared to 44 days for Google, 69 days for Apple, and 83 days for Microsoft, reports ZDNet.