Firefox gets fixes for two zero-days exploited in the wild

ZDNet – by Catalin Cimpanu

Firefox users are advised to update their browsers to patch two bugs that are being exploited in the real world by hackers.

The fixes are available in Firefox 74.0.1, released earlier today. This new Firefox version includes fixes for CVE-2020-6819 and CVE-2020-6820, two bugs that reside in the way Firefox manages its memory space.

The bugs are so-called user-after-free vulnerabilities, which allow hackers to place code inside Firefox’s memory and have it executed in the browser’s context. Such bugs can be exploited to run code on victim’s devices, although the impact and reach of such code usually varies.

Details about the actual attacks where these two bugs are being exploited are still kept under wraps — a common practice among software vendors and security researchers, as they focus on delivering patches first and then investigating the attacks further.

Mozilla credited security researchers Francisco Alonso and Javier Marcos with discovering the two zero-days.

In a tweet today, Alonso suggested that the bugs discovered today might also impact other browsers, although it is unclear if those browsers have been exploited as well.

This is the second zero-day that Mozilla patches in Firefox this year. It patched another bug in January, with the release of Firefox v72.0.1. That bug was exploited to attack users in China and Japan as part of a state-sponsored cyber-espionage campaign, according to reports published by Qihoo 360 and Japan CERT.


2 thoughts on “Firefox gets fixes for two zero-days exploited in the wild

  1. Thank you very much Flee. My survey earnings were jeopardized by my using Brave to complete them so I had to start using Firefox. Koyote’s laptop was purchased at a pawn shop and I do not seem to be able to access the boot menu or BIOS to install Linux. If you have any suggestions please contact Henry for my email.

  2. How old is it and brand….. ?
    When you first turn it on…..
    It should give you the option to boot as normal or select boot device.
    Some bios’s do a quick boot that won’t display ithe options for , F12 etc…. to select another device.
    Hard to say….
    I don’t have any info on the laptop etc….Model…
    You should be able to find it on the model and google the make etc…

Join the Conversation

Your email address will not be published. Required fields are marked *