Mozilla patches two critical bugs in Firefox that could allow attackers to run arbitrary code on victims’ computers.
The Firefox browser was affected by two critical vulnerabilities that are now fixed in the latest version of the browser. Mozilla writes in its advisory that the vulnerabilities have been exploited in the wild, so there are ready-made attacks that attackers use. The US security agency CISA has also issued warnings about these vulnerabilities.
The first vulnerability, tracked as CVE-2020-6819, is a use-after-free bug caused by a “race condition” during nsDocShell execution. The second vulnerability, tracked as CVE-2020-6820, is similar to the first but caused by ReadableStream, writes Bleeping Computer.
Both vulnerabilities can be exploited by tricking users into visiting a site with specially crafted code. The site can then place and run malicious code on the victims’ computers and gain control over them.
The vulnerabilities are fixed in Firefox 74.0.1 and in the enterprise version, Firefox ESR 68.6.1. All previous versions of the browser are considered vulnerable. The easiest way to update your browser is to go into the settings under the Firefox menu, then Help, then About Firefox, and click Update Firefox.
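For administrators checking more than one machine, the sketch below classifies collected version strings against the two fixed versions named above. It is an added example, not code from Mozilla or the original article; it assumes the strings look like the output of `firefox --version` (for example `Mozilla Firefox 68.6.1esr`, with an `esr` suffix on ESR builds), and the hostnames and inventory are constructed.

```python
import re

# Fixed versions as stated in the article.
FIXED_RELEASE = (74, 0, 1)   # regular release channel
FIXED_ESR = (68, 6, 1)       # ESR 68 branch

# Assumed input format: "Mozilla Firefox <major>.<minor>[.<patch>][esr]"
_VERSION_RE = re.compile(r"Firefox\s+(\d+)\.(\d+)(?:\.(\d+))?(esr)?\b", re.I)


def classify(version_line):
    """Return 'fixed', 'vulnerable' or 'unknown' for one version string."""
    m = _VERSION_RE.search(version_line)
    if not m:
        # Not installed, pre-release naming, or unexpected output:
        # flag for manual review instead of guessing.
        return "unknown"
    ver = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    is_esr = m.group(4) is not None
    # An ESR 68 build is measured against 68.6.1. Everything else is
    # measured against 74.0.1, so a release build such as 70.0.1 is still
    # vulnerable even though its number is higher than 68.6.1.
    floor = FIXED_ESR if (is_esr and ver[0] == FIXED_ESR[0]) else FIXED_RELEASE
    return "fixed" if ver >= floor else "vulnerable"


def audit(inventory):
    """Map each host in {host: version_line} to its classification."""
    return {host: classify(line) for host, line in inventory.items()}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 74.0.1",
    "ws-02": "Mozilla Firefox 74.0",
    "ws-03": "Mozilla Firefox 68.6.1esr",
    "ws-04": "Mozilla Firefox 68.6.0esr",
    "ws-05": "Mozilla Firefox 70.0.1",
    "ws-06": "firefox: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```
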