The Mozilla Foundation released Firefox 74.0.1, a security update that patches two Critical zero-day vulnerabilities under active attack.
The Firefox 74.0.1 update fixes two Critical security vulnerabilities that impact Firefox browser versions running on Windows, macOS and Linux operating systems. Mozilla further warns of targeted attacks in the wild abusing each of the flaws.
The fixed Critical vulnerabilities include:
- CVE-2020-6819: Use-after-free while running the nsDocShell destructor
- CVE-2020-6820: Use-after-free when handling a ReadableStream
Bad actors could exploit each of these vulnerabilities to execute arbitrary code or crash systems.
Mozilla also released Firefox Extended Support Release (ESR) 68.6.1, which addresses the same two vulnerabilities.