Firefox Fixes 2 Zero-Day Bugs That Allow Hackers To Execute Arbitrary Code Remotely

Mozilla has released a security update, Firefox 74.0.1, to patch two vulnerabilities that attackers were already actively exploiting in the wild.

Both vulnerabilities were reported to Mozilla as zero-day bugs by Francisco Alonso and Javier Marcos, well-known security researchers who worked on them together.

These significant remote code execution vulnerabilities are being used in targeted attacks against systems running Firefox 74.0.0 and earlier versions. Attackers can exploit them to crash the Firefox browser on well-known platforms such as Windows, macOS, and Linux.

The first bug is CVE-2020-6819, a use-after-free vulnerability that enables an attacker to execute arbitrary code remotely and crash the targeted system.

CVE-2020-6819: A use-after-free flaw caused by a race condition while running the nsDocShell destructor. Mozilla is aware of targeted attacks in the wild exploiting this flaw.

The second bug is CVE-2020-6820, a use-after-free that can be triggered when handling a ReadableStream. It, too, has been widely exploited in targeted attacks.

CVE-2020-6820: A use-after-free caused by a race condition when handling a ReadableStream. Mozilla is aware of targeted attacks in the wild exploiting this flaw.

This is the second zero-day bug Mozilla has fixed in Firefox this year. As stated above, both vulnerabilities involve a race condition that can produce a use-after-free, which enables an attacker to execute arbitrary code.

Depending on the privileges associated with the user, an attacker could install programs; view, modify, or delete data; and even create a new account with sufficient user rights.

To download the new version of Mozilla Firefox, 74.0.1, use the links below:

The details of both vulnerabilities in Mozilla's vulnerability database aren't open for public viewing, probably because of the Mozilla coders. This bug was exploited to attack Chinese and Japanese users as part of a state-sponsored cyber-surveillance operation. To stay secure, apply the updates provided by Mozilla, and avoid visiting untrusted websites or following links provided by unknown sources.
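One way to act on the update advice above across several machines, as an added example that is not from the article or from Mozilla: it classifies `firefox --version` output against the 74.0.1 fix. The host names and sample lines are constructed, and ESR or pre-release builds are reported as unknown because the article gives no fixed version for them.

```python
import re

# Fixed release named in the article; 74.0.0 and earlier are affected.
FIXED = (74, 0, 1)

# Version token as printed by `firefox --version`, for example
# "Mozilla Firefox 74.0", "Mozilla Firefox 75.0b3", "Mozilla Firefox 68.6.0esr".
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr|[ab]\d+)?\b")


def classify(version_output):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    m = VERSION_RE.search(version_output)
    if not m:
        return "unknown"  # no version found (command failed, not installed)
    major, minor, patch, suffix = m.groups()
    if suffix:
        # ESR and alpha/beta builds: the article only states the release-channel
        # fix, so these need a manual check rather than a guess.
        return "unknown"
    # A missing third component ("74.0") is treated as 0, i.e. 74.0.0.
    version = (int(major), int(minor), int(patch or 0))
    return "patched" if version >= FIXED else "vulnerable"


def triage(inventory):
    """Map each host to its status; inventory is (host, version_output) pairs."""
    return {host: classify(output) for host, output in inventory}


# Constructed sample inventory, not real hosts.
SAMPLE = [
    ("ws-01", "Mozilla Firefox 74.0"),
    ("ws-02", "Mozilla Firefox 74.0.1"),
    ("ws-03", "Mozilla Firefox 73.0.1"),
    ("ws-04", "Mozilla Firefox 68.6.0esr"),
    ("ws-05", "Mozilla Firefox 75.0b3"),
    ("ws-06", "firefox: command not found"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as unknown should be checked by hand rather than assumed safe.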
