Mozilla Patches Two Critical Zero-Days in Firefox

  /     /     /  
Publicated : 23/11/2024   Category : security


Mozilla Patches Two Critical Zero-Days in Firefox


The latest release of Firefox brings fixes for two Critical vulnerabilities already seen exploited in the wild.



Mozilla has patched two Critical vulnerabilities in Firefox 74.0.1 and Firefox ESR 68.6.1, released on April 3. The US Cybersecurity and Infrastructure Security Agency (CISA) has published an
alert
encouraging users and admins to review the advisory and apply the necessary patches.
CVE-2020-6819 and CVE-2020-6820 have been seen exploited in targeted attacks. Both flaws can cause a use-after-free vulnerability, a type of memory corruption flaw attackers can use to execute arbitrary code or potentially enable remote code execution capabilities.
CVE-2020-6819 exists under certain conditions when running the nsDocShell destructor; a race condition can cause a use-after-free vulnerability. CVE-2020-6820 exists under certain conditions when handling a ReadableStream; a race condition can cause a use-after-free flaw. Mozilla did not provide details on how attackers are using these flaws or what their targets are.
Mozilla credits vulnerability researchers Francisco Alonso and Javier Marcos for discovering the vulnerabilities.
Read the full advisory
here
.
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays featured story:
This Is Not Your Fathers Ransomware.


Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Mozilla Patches Two Critical Zero-Days in Firefox