{"uuid": "973b746f-c6b8-4698-8f39-fe534f82e924", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26486", "type": "seen", "source": "https://t.me/cKure/8957", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day: CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the WebGPU inter-process communication (IPC) Framework.\n\nXSLT is an XML-based language used for the conversion of XML documents into web pages or PDF documents, whereas WebGPU is an emerging web standard that's been billed as a successor to the current WebGL JavaScript graphics library.\n\nThe description of the two flaws is below \u2013\n\nCVE-2022-26485 \u2013 Removing an XSLT parameter during processing could lead to an exploitable use-after-free\n\nCVE-2022-26486 \u2013 An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape\n\nhttps://thehackernews.com/2022/03/2-new-mozilla-firefox-0-day-bugs-under.html", "creation_timestamp": "2022-03-07T06:12:15.000000Z"}