Firefox Fixes 2 Zero-Day Bugs That Allow Hackers To Execute Arbitrary Code Remotely

Mozilla has released Firefox 74.0.1, a security update that patches two vulnerabilities already being actively exploited in the wild by attackers.

Both vulnerabilities were reported to Mozilla as zero-day bugs by Francisco Alonso and Javier Marcos, well-known security researchers who worked on the discovery together.

These significant remote code execution vulnerabilities are being used in targeted attacks against systems running Firefox 74.0.0 and earlier versions. Attackers exploit them to crash the Firefox browser on all the major platforms, including Windows, macOS, and Linux.

Looking at the bugs themselves, the first one is CVE-2020-6819, a use-after-free vulnerability that lets an attacker execute arbitrary code remotely and crash the targeted system.

CVE-2020-6819: A use-after-free caused by a race condition while running the nsDocShell destructor. Mozilla is aware of targeted attacks in the wild exploiting this flaw.

The second flaw, CVE-2020-6820, is a use-after-free that occurs when handling a ReadableStream, and it too has been exploited in targeted attacks.

CVE-2020-6820: A use-after-free caused by a race condition when handling a ReadableStream. Mozilla is aware of targeted attacks in the wild exploiting this flaw.

This is the second zero-day bug Mozilla has fixed in Firefox this year. As stated above, both vulnerabilities stem from race conditions that lead to a use-after-free, which allows an attacker to execute arbitrary code.

Depending on the rights of the logged-in user, an attacker could install programs; view, modify, or delete data; and even create new accounts with full user rights.

If you want to download the new version, Firefox 74.0.1, you can do so from the links below:

The details of both vulnerabilities in Mozilla's bug database are not open for public viewing, likely a deliberate choice by Mozilla's developers. The bugs were exploited to attack Chinese and Japanese users as part of a state-sponsored cyber-surveillance operation. To stay secure, install the updates provided by Mozilla, and avoid visiting untrusted websites or following links from unknown sources.
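One way to act on the update advice above, as an added example that is not Mozilla's or the article's own code: a small Python triage that checks Firefox version strings against the fixed release, 74.0.1, whether they come from `firefox --version` output or from web-server access logs. It assumes Firefox prints its full point release on the command line but reports only major.minor in its User-Agent header, so a bare 74.0 seen in a log is classed as unknown rather than patched; the log lines are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

FIXED = (74, 0, 1)  # Firefox 74.0.1, the release the article says fixes both bugs

# Assumption: Firefox identifies itself as "Firefox/<major>.<minor>" in User-Agent
# headers (point release omitted) and as "Mozilla Firefox <full version>" in
# `firefox --version` output; the separator tells the two sources apart.
VERSION_RE = re.compile(r"Firefox([/ ])(\d+)\.(\d+)(?:\.(\d+))?")

def parse_firefox_version(text: str) -> Optional[Tuple[int, int, Optional[int]]]:
    """(major, minor, patch); patch is None only when a User-Agent omits it."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    sep, major, minor, patch = m.groups()
    if patch is None and sep == " ":
        patch = "0"  # command-line output prints 74.0 for 74.0.0
    return int(major), int(minor), (None if patch is None else int(patch))

def patch_status(text: str) -> str:
    """'patched', 'unpatched', 'unknown' (74.0 from a UA string) or 'not-firefox'."""
    v = parse_firefox_version(text)
    if v is None:
        return "not-firefox"
    major, minor, patch = v
    if (major, minor) != FIXED[:2]:
        return "unpatched" if (major, minor) < FIXED[:2] else "patched"
    if patch is None:
        return "unknown"  # UA cannot distinguish 74.0.0 from 74.0.1
    return "patched" if patch >= FIXED[2] else "unpatched"

def triage_log(log_lines: List[str]) -> Dict[str, str]:
    """Map each Firefox client IP (first field, combined log format) to a status."""
    result: Dict[str, str] = {}
    for line in log_lines:
        status = patch_status(line)
        if status != "not-firefox":
            result[line.split(" ", 1)[0]] = status
    return result

# Constructed sample log lines (documentation address ranges, made-up clients).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Apr/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0"',
    '198.51.100.7 - - [03/Apr/2020:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:73.0) Gecko/20100101 Firefox/73.0"',
]

if __name__ == "__main__":
    print(triage_log(SAMPLE_LOG))  # {'192.0.2.10': 'unknown', '198.51.100.7': 'unpatched'}
```

Clients reported as "unknown" need an endpoint-side check (the command-line form) to confirm they are on 74.0.1.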

So, what do you think about this? Simply share all your views and thoughts in the comment section below.

Tushar Subhra Dutta

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.