The Mozilla Foundation has released Firefox 74 that addresses multiple vulnerabilities. Attackers could exploit some of the vulnerabilities to take control of impacted systems.
In the latest security advisory 2020-08, Mozilla addressed five high severity, six moderate and one low rated vulnerabilities.
The fixed high risk bugs include:
- CVE-2020-6805: Use-after-free when removing data about origins
- CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
- CVE-2020-6807: Use-after-free in cubeb during stream destruction
- CVE-2020-6814: Memory safety bugs
- CVE-2020-6815: Memory and script safety bugs.
Also, Mozilla noted that the memory safety bugs could be exploited to run arbitrary code.