Ò»�¡¢�¡¢Åä¾°½éÉÜ
¿ËÈÕ�£¬ÊÐίÍøÐÅ°ìÊÖÒÕÖ§³Öµ¥Î»¼à²âµ½MozillaÐû²¼ÁËÒ»¸ö½ôÆÈÎó²îÐÞ¸´Í¨¸æ�£¬ÐÞ¸´ÁËFirefoxä¯ÀÀÆ÷ÖеÄÁ½¸öÎó²î£¨CVE-2022-26485�¡¢�¡¢CVE-2022-26486£©�¡£
1.1 Îó²îÐÎò
1�¡¢�¡¢CVE-2022-26485ÊÇFirefoxµÄGeckotäÖȾÒýÇæ/ÅÅ°æÒýÇæÖеÄÒ»¸öÎó²î�¡£ÔÚFirefoxäÖȾҳÃæʱ´ú�£¬É¾³ýÒ»¸öXSLT²ÎÊý¿ÉÄÜ»áÔì³ÉÒ»¸ö¿É¾ÙÐÐÎó²îʹÓõÄÊͷźóÖØÒýÓÃÎó²î�¡£
2�¡¢�¡¢CVE-2022-26486ÊÇFirefoxµÄWebGPU IPC¿ò¼ÜÖеÄÒ»¸öÊͷźóÖØÒýÓÃÎó²î�¡£WebGPU IPC¿ò¼ÜÖеÄÒ»¸öÌØÊâµÄÐÂÎÅ¿ÉÄÜ»áÔì³ÉÒ»¸ö¿É¾ÙÐÐÎó²îʹÓõÄÊͷźóÖØÒýÓÃÎó²î�£¬¿ÉÓÃÓÚFirefoxɳÏäµÄÌÓÒÝ�¡£
¹¥»÷ÕßʹÓÃÕâÁ½¸öÎó²î¿ÉÒÔÔÚÄ¿µÄ×°±¸ÉÏʵÏÖÔ¶³Ìí§Òâ´úÂëÖ´ÐÐ�¡£
1.2 Îó²î±àºÅ
CVE-2022-26485
CVE-2022-26486
1.3 Îó²îÆ·¼¶
¸ßΣ
¶þ�¡¢�¡¢ÐÞ¸´½¨Òé
2.1 ÊÜÓ°Ïì°æ±¾
Firefox 97.0.2
Firefox ESR 91.6.1
Firefox for Android 97.3
Focus 97.3
2.2 ÐÞ¸´½¨Òé
Mozilla¹Ù·½ÒÑÐû²¼²¹¶¡�£¬½¨ÒéʹÓÃFirefoxä¯ÀÀÆ÷µÄÓû§�£¬ÊµÊ±¸üÐÂÖÁÇå¾²°æ±¾�¡£
¹Ù·½Í¨¸æ�£º
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
