Can we expect a stable Tor Browser release soon? ESR 91.6.1 appears to fix some critical security issues:
– Firefox ESR 91.6.1 is out with critical security fixes –
"The official release notes list the following fixed security vulnerabilities in the Firefox releases:
- Critical – CVE-2022-26485: Use-after-free in XSLT parameter processing
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.
- Critical – CVE-2022-26486: Use-after-free in WebGPU IPC Framework
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
Both vulnerabilities have a severity rating of critical, the highest rating available. Mozilla notes that both vulnerabilities are exploited in the wild, but it is unclear how widespread the attacks are. The linked bugs are not public.
Firefox users are encouraged to update their browsers as soon as possible to protect the browser and data against attacks targeting the vulnerabilities."