Sponsored By

Mozilla Patches Two Critical Zero-Days in Firefox

The latest release of Firefox brings fixes for two Critical vulnerabilities already seen exploited in the wild.

Dark Reading Staff

April 6, 2020

1 Min Read

Mozilla has patched two Critical vulnerabilities in Firefox 74.0.1 and Firefox ESR 68.6.1, released on April 3. The US Cybersecurity and Infrastructure Security Agency (CISA) has published an alert encouraging users and admins to review the advisory and apply the necessary patches.

CVE-2020-6819 and CVE-2020-6820 have been seen exploited in targeted attacks. Both flaws can cause a use-after-free vulnerability, a type of memory corruption flaw attackers can use to execute arbitrary code or potentially enable remote code execution capabilities.

CVE-2020-6819 exists under certain conditions when running the nsDocShell destructor; a race condition can cause a use-after-free vulnerability. CVE-2020-6820 exists under certain conditions when handling a ReadableStream; a race condition can cause a use-after-free flaw. Mozilla did not provide details on how attackers are using these flaws or what their targets are.

Mozilla credits vulnerability researchers Francisco Alonso and Javier Marcos for discovering the vulnerabilities.

Read the full advisory here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "This Is Not Your Father's Ransomware."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights