Mozilla releases a new update for Firefox fixing two zero-day vulnerabilities

Home » News

Reading time icon 1 min. read

Calendar icon Published on

by Anmol Mehrotra 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Mozilla has released a new update for Firefox web browser. The new update bumps the browser to v74.0.1 and patches two Use-after-free zero-day security vulnerabilities.

According to Mozilla’s security advisory, both the zero-day vulnerabilities were reported by Francisco Alonso and both exploit memory corruption flaw to execute arbitrary code.

  • CVE-2020-6819: Use-after-free while running the nsDocShell destructor- Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.
  • CVE-2020-6820: Use-after-free when handling a ReadableStream- Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

Since these vulnerabilities are being exploited in the wild, users are urged to download and install the patch immediately to avoid being hacked. While Mozilla automatically downloads and updates the web browser, you can manually check for updates by going to hamburger menu Help>About Firefox and downloading the update manually.

Anmol Mehrotra

Anmol Mehrotra Shield

Android and Windows News Reporter

Anmol covers Android and Windows news. He's a tech writer with over a decade of experience.

User forum

0 messages