Critical Vulnerabilities in Mozilla Firefox and Firefox ESR

Published on 06 Apr 2020

Updated on 16 Apr 2020

Mozilla has released Firefox version 74.0.1 and Firefox Extended Support Release (ESR) 68.6.1 to address two critical vulnerabilities (CVE-2020-6819 and CVE-2020-6820). There are reports of targeted attacks exploiting these vulnerabilities. 

These vulnerabilities exist due to use-after-free errors in Firefox browser components. Successful exploitation of these vulnerabilities could corrupt memory and allow an attacker to execute arbitrary code.

Users of affected products are advised to install the latest security updates immediately. All users are encouraged to enable the automatic update function to ensure prompt software updates are performed.
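To confirm that the updates have reached every machine, the check below compares reported Firefox versions against the two fixed releases named above. It is an added example, not part of the original advisory; the `host<TAB>banner` inventory format, the hostnames and the assumption that banners look like `firefox --version` output are all constructed for illustration. Release and ESR builds are compared against their own fixed version, since a patched 68.6.1 ESR install would otherwise look older than 74.0.1.

```python
import re

# Fixed releases named in the advisory, keyed by update channel.
FIXED = {"release": (74, 0, 1), "esr": (68, 6, 1)}
# Assumed banner format: "Mozilla Firefox 74.0.1" or "Mozilla Firefox 68.6.1esr".
VERSION_RE = re.compile(r"Firefox\s+(\d+(?:\.\d+){0,3})(esr)?(?![\w.])", re.IGNORECASE)


def parse_version(banner):
    """Return (channel, version tuple), or None if the banner is unrecognised."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts += (0,) * (3 - len(parts))  # pad "74.0" to (74, 0, 0)
    return ("esr" if m.group(2) else "release", parts)


def status(banner):
    """Classify one install as 'ok', 'update' or 'unknown'."""
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"  # e.g. beta builds; review these by hand
    channel, version = parsed
    return "ok" if version >= FIXED[channel] else "update"


def audit(inventory):
    """Map host -> status for lines of the form 'host<TAB>banner'."""
    results = {}
    for line in inventory.strip().splitlines():
        host, _, banner = line.partition("\t")
        results[host.strip()] = status(banner)
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = "\n".join([
    "ws-01\tMozilla Firefox 74.0",
    "ws-02\tMozilla Firefox 74.0.1",
    "ws-03\tMozilla Firefox 68.6.0esr",
    "ws-04\tMozilla Firefox 68.6.1esr",
    "ws-05\tMozilla Firefox 75.0b3",
])

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}\t{result}")
```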

More information is available at:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/

https://www.bleepingcomputer.com/news/security/mozilla-patches-two-actively-exploited-firefox-zero-days/