Mozilla recently rolled out an important update to the Firefox browser. With the release of Firefox 74.0.1, Mozilla has addressed two critical zero-day bugs under active exploitation.
Critical Firefox Zero-day Bugs
As evident from Mozilla’s recent advisory, two critical-severity bugs existed in the Firefox browser. What’s troublesome is that both vulnerabilities caught the attention of criminal hackers before Mozilla could address them.
According to the advisory, both vulnerabilities were use-after-free flaws affecting different components. The first, CVE-2020-6819, existed when running the nsDocShell destructor, whereas the second, CVE-2020-6820, existed when handling a ReadableStream. A race condition would cause a use-after-free in both cases.
Mozilla confirmed that both vulnerabilities were being exploited in the wild. As stated,
We are aware of targeted attacks in the wild abusing this flaw.
The tech giant credited Francisco Alonso and Javier Marcos with reporting both flaws.
Mozilla Patched The Flaws With Firefox 74.0.1
At present, neither Mozilla nor the researchers have shared any explicit details regarding the vulnerabilities or their exploitation.
Nonetheless, the researchers appreciated how swiftly Mozilla released the patches for both bugs amidst the COVID-19 chaos.
Mind blowing the work of Mozilla Security folks, racing against time and taking the necessary measures at this difficult time to fix and release.
— Francisco Alonso (@revskills) April 3, 2020
They also hint that the same bugs potentially affect other browsers.
There is still lots of work to do and more details to be published (including other browsers). Stay tuned.
— Francisco Alonso (@revskills) April 3, 2020
For now, Mozilla Firefox 74.0.1 is out for all users. Hence, every user should ensure that their devices are updated to the latest version to avoid the chance of exploitation.
The present update comes a few weeks after Mozilla rolled out its Firefox 74 with major security upgrades. It not only included bug fixes but also made the ‘Facebook Container’ extension publicly available.
In a related story, Twitter has also addressed a bug that allowed Firefox to store users’ private files in cache. This would also affect the private files shared via users’ DMs, causing a privacy breach for the users of public PCs.