Two zero-day vulnerabilities fixed in Mozilla Firefox browser

Mozilla developers have released new versions of the Firefox web browser: Firefox 74.0.1 and Firefox ESR 68.6.1. Users are advised to update, as these versions fix two zero-day vulnerabilities that hackers are already exploiting in practice.

The vulnerabilities in question are CVE-2020-6819 and CVE-2020-6820, both related to how Firefox manages its memory space. These are so-called use-after-free vulnerabilities, which allow hackers to place arbitrary code in Firefox's memory for further execution in the context of the browser. Such vulnerabilities can be used to remotely execute code on victim devices.

Details of the actual attacks using these vulnerabilities have not been disclosed, which is common practice among software vendors and security researchers. They usually focus first on promptly eliminating the detected problems and delivering fixes to users, and only after that carry out a more detailed investigation of the attacks.

According to reports, Mozilla will investigate attacks using these vulnerabilities together with the information security company JMP Security and researcher Francisco Alonso, who first discovered the problem. The researcher suggests that the vulnerabilities eliminated in the latest Firefox update may affect other browsers, although there are no known cases of the bugs being exploited by hackers in other web browsers.
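
A fleet check for the two fixed versions named in this article, as an added example that is not part of the original article or any Mozilla code: it classifies `firefox --version` strings against 74.0.1 and ESR 68.6.1. The host names and inventory format are constructed, and treating any 68.x build as the ESR branch is an assumption.

```python
import re

# Fixed versions named in the article.
FIXED_RELEASE = (74, 0, 1)
FIXED_ESR = (68, 6, 1)

# Matches `firefox --version` output, e.g. "Mozilla Firefox 68.6.1esr".
VERSION_RE = re.compile(
    r"Firefox\s+(\d+)\.(\d+)(?:\.(\d+))?((?:a|b|rc)\d+)?(esr)?", re.I)


def classify(version_line):
    """Return 'update', 'ok' or 'unknown' for one version string."""
    m = VERSION_RE.search(version_line)
    if m is None:
        return "unknown"
    if m.group(4):
        # Pre-release build: the article names only release and ESR fixes.
        return "unknown"
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    # Assumption: an "esr" suffix or a 68.x number means the ESR branch.
    on_esr = bool(m.group(5)) or version[0] == FIXED_ESR[0]
    fixed = FIXED_ESR if on_esr else FIXED_RELEASE
    return "ok" if version >= fixed else "update"


def triage(inventory_text):
    """Map host -> status for 'host<TAB>version string' lines."""
    result = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version_line = line.partition("\t")
        result[host.strip()] = classify(version_line)
    return result


# Constructed sample inventory (hypothetical hosts), not real data.
SAMPLE = (
    "ws-01\tMozilla Firefox 74.0\n"
    "ws-02\tMozilla Firefox 74.0.1\n"
    "ws-03\tMozilla Firefox 68.6.0esr\n"
    "ws-04\tMozilla Firefox 68.6.1esr\n"
    "ws-05\tMozilla Firefox 75.0b3\n"
)

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` (unparseable output or pre-release builds) need a manual check rather than being counted as patched.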

