Firefox Fixes 2 Zero-Day Bugs Exploited to Execute Arbitrary Code Remotely

Mozilla released a security update, Firefox 74.0.1 and Firefox ESR 68.6.1, that fixes 2 critical zero-day vulnerabilities that were actively exploited in the wild in targeted attacks.

The new vulnerabilities were reported by Francisco Alonso and Javier Marcos, security researchers who worked together and reported them as zero-day bugs.

These critical remote code execution vulnerabilities were used in targeted attacks against systems running Firefox 74.0.0 and earlier versions. Attackers exploit these vulnerabilities and crash Firefox running on Windows, macOS and Linux operating systems.

The first vulnerability fixed in the Firefox security update (CVE-2020-6819): “Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.”

The second vulnerability fixed in the Firefox security update (CVE-2020-6820) is a use-after-free when handling a ReadableStream: “Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.”

You can download the new Firefox 74.0.1 from the following links.

Firefox 74.0.1 for Windows

Firefox 74.0.1 for macOS

Firefox 74.0.1 for Linux

All Firefox users can apply the update provided by Mozilla to vulnerable systems immediately after appropriate testing.

Credit: gbhackers