Mozilla urgently released Firefox 74.0.1 and Firefox ESR 68.6.1, fixing two flaws in the way the browser manages memory. The two vulnerabilities, CVE-2020-6819 and CVE-2020-6820, are both rated “critical”. This type of “use-after-free” vulnerability allows hackers to put code in Firefox’s memory and execute it in the context of the browser.
Security researcher Francisco Alonso discovered these two vulnerabilities but did not report more details. Alonso said that the two vulnerabilities have been exploited in the wild, that other browsers may be similarly affected, and that more related news will be released in the future.
For now, the official priority is clearly to get the patch released before investigating further. All Firefox users are advised to update as soon as possible.
This is the second time this year that Mozilla has fixed a zero-day bug in Firefox. In January, with the release of Firefox v72.0.1, it fixed another bug that hackers had used to attack users in China and Japan.