Your Firefox browser needs to be patched as soon as possible, as a couple of zero-day vulnerabilities (CVE-2020-6819, CVE-2020-6820) have been detected.
The vulnerabilities are rated critical as they allow remote code execution, and it appears that they were actively exploited in the wild in targeted attacks, as per the official Mozilla Foundation security advisory.
CVE-2020-6819
This vulnerability has been fixed in Firefox 74.0.1 and Firefox ESR 68.6.1. Its impact is critical. There haven’t been any specifications about the nature of the vulnerability in Mozilla’s advisory, and MITRE’s advisory is yet to be updated.
CVE-2020-6820
This vulnerability has been described as a “use-after-free” issue when handling a ReadableStream. The bug was reported by security researchers Francisco Alonso and Javier Marcos.
“Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw,” Mozilla’s advisory explains.
Both vulnerabilities are critical, and enable remote code execution attacks. If exploited, the bugs could trigger crashes on vulnerable machines running Firefox prior to version 74.0.1 or its business-oriented Firefox Extended Support Release 68.6.1. Firefox on Windows, macOS, and Linux is vulnerable. There are close to no details about how these vulnerabilities are being used in attacks in the wild.
What is known is that the worst-case scenario involves an attack where arbitrary code execution is allowed. According to the Center for Internet Security (CIS), depending on the privileges of the user, a threat actor could install programs, view, change or delete data, or create new accounts with full user rights. Users with fewer user rights on the particular system could be less impacted than those with admin rights.
Patches are already available for the following versions of Firefox: Firefox 74.0.1 for Windows 64-bit, Firefox 74.0.1 for Windows 32-bit, Firefox 74.0.1 for macOS, Firefox 74.0.1 for Linux 64-bit and Firefox 74.0.1 for Linux 32-bit.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: