Mozilla has released a new update for Firefox web browser. The new update bumps the browser to v74.0.1 and patches two Use-after-free zero-day security vulnerabilities.

According to Mozilla’s security advisory, both the zero-day vulnerabilities were reported by Francisco Alonso and both exploit memory corruption flaw to execute arbitrary code.

  • CVE-2020-6819: Use-after-free while running the nsDocShell destructor- Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.
  • CVE-2020-6820: Use-after-free when handling a ReadableStream- Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

Since these vulnerabilities are being exploited in the wild, users are urged to download and install the patch immediately to avoid being hacked. While Mozilla automatically downloads and updates the web browser, you can manually check for updates by going to hamburger menu Help>About Firefox and downloading the update manually.

Comments