Mozilla releases a new update for Firefox fixing two zero-day vulnerabilities

Reading time icon 1 min. read


Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

Mozilla has released a new update for Firefox web browser. The new update bumps the browser to v74.0.1 and patches two Use-after-free zero-day security vulnerabilities.

According to Mozilla’s security advisory, both the zero-day vulnerabilities were reported by Francisco Alonso and both exploit memory corruption flaw to execute arbitrary code.

  • CVE-2020-6819: Use-after-free while running the nsDocShell destructor- Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.
  • CVE-2020-6820: Use-after-free when handling a ReadableStream- Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

Since these vulnerabilities are being exploited in the wild, users are urged to download and install the patch immediately to avoid being hacked. While Mozilla automatically downloads and updates the web browser, you can manually check for updates by going to hamburger menu Help>About Firefox and downloading the update manually.

More about the topics: mozilla, Mozilla Firefox