Firefox security update (74.0.1) patches two zero-day critical vulnerabilities

Firefox security update (74.0.1) patches two zero-day critical vulnerabilities

The Mozilla Foundation released a new security update for Firefox 74.0.1 that patches two zero-day Critical vulnerabilities under active attack.

The Firefox 74.0.1 update fixes two Critical security vulnerabilities that impact Firefox browser versions running on Windows, macOS and Linux operating systems. Mozilla further warns of targeted attacks in the wild abusing each of the flaws.

The fixed Critical vulnerabilities include:

  • CVE-2020-6819: Use-after-free while running the nsDocShell destructor
  • CVE-2020-6820: Use-after-free when handling a ReadableStream.

Bad actors could exploit each of these vulnerabilities to execute arbitrary code or crash systems.

Mozilla also released Firefox Extended Support Release (ESR) 68.6.1 that also addresses these same two vulnerabilities.

Related Articles