The Mozilla Foundation has just fixed a couple of critical vulnerabilities in the current version of its web browser. Both vulnerabilities are of the so-called 'use-after-free' type and can be used to execute an attacker's code in the browser on the user's system.
In the security advisory, the team wrote that they have already observed exploitation of these vulnerabilities. The bugs are identified as CVE-2020-6819 and CVE-2020-6820.
Both bugs were patched in version 74.0.1 of the current Firefox browser and in version 68.6.1 of the Firefox ESR branch, on all platforms including Windows, macOS and Linux.
Users are advised to update their browser immediately, as attacks are already under way.
The vulnerabilities were reported by Francisco Alonso from revskills and Javier Marcos from JMPSec. They concern possible race conditions when using the nsDocShell destructor and when using a ReadableStream.
For the time being there are no further details about the bugs, but a researcher points out that other browsers may also be affected.