News

Mozilla fixes two use-after-free zerodays in Firefox

By admin
Spread the love

Mozilla has fixed two vulnerabilities in Firefox that could allow a remote attacker to take over an entire system. Many details about the bugs are unknown, but the browser maker says the vulnerabilities were actively exploited in the wild.

Mozilla has opened two separate bug trackers for the vulnerabilities. No detailed information is available for either. These are CVE-2020-6819 and CVE-2020-6820. Both bugs are use-after-free and target memory corruption. The first vulnerability uses the nsDocShell destructor, the other from ReadableStream. Both functions can cause a use-after-free. This would make it possible to take over a user’s system by only visiting a certain website. Two security researchers discovered the vulnerabilities, but have not disclosed any details about them yet. Those will follow later. The researchers also say they have information about the same type of vulnerability in other browsers.

Mozilla says it has evidence that the zerodays were actively being abused in the wild, but no details are known about that either. The company recommends that all users update Firefox to version 74.0.1 or Firefox ESR 68.6.1.

You might also like
News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Nvidia releases GeForce RTX 4060 Ti variant with 16GB memory

News

‘AMD wants to sell Radeon RX 7700 and RX 7800 series from September’

News

Brave sells web content as data for AI training