Mozilla Patches Two Critical Zero-Days in Firefox

The latest release of Firefox brings fixes for two Critical vulnerabilities already seen exploited in the wild.

Mozilla has patched two Critical vulnerabilities in Firefox 74.0.1 and Firefox ESR 68.6.1, released on April 3. The US Cybersecurity and Infrastructure Security Agency (CISA) has published an
alert
encouraging users and admins to review the advisory and apply the necessary patches.
CVE-2020-6819 and CVE-2020-6820 have been seen exploited in targeted attacks. Both flaws can cause a use-after-free vulnerability, a type of memory corruption flaw attackers can use to execute arbitrary code or potentially enable remote code execution capabilities.
CVE-2020-6819 exists under certain conditions when running the nsDocShell destructor; a race condition can cause a use-after-free vulnerability. CVE-2020-6820 exists under certain conditions when handling a ReadableStream; a race condition can cause a use-after-free flaw. Mozilla did not provide details on how attackers are using these flaws or what their targets are.
Mozilla credits vulnerability researchers Francisco Alonso and Javier Marcos for discovering the vulnerabilities.
Read the full advisory
here
.
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays featured story:
This Is Not Your Fathers Ransomware.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Mozilla Patches Two Critical Zero-Days in Firefox