26 C
Jaipur
Saturday, October 31, 2020

Firefox 74.0.1 Fixes 2 Zero-Day Bugs That Exploited in Wide

Must read

Telegram 7.2.0 Adds Multiple Pinned Messages, Live Location Alerts, and More

After adding search filters and anonymous group admins last month, Telegram is rolling out a new update (version 7.2.0). The update comes with features...

Xiaomi Wear 2.0 App Arrives with Redesigned UI, Several New Features

Xiaomi is looking to slowly transition users from the Mi Fit app over to Xiaomi Wear. It debuted this app alongside the Redmi Band...

NASA has recommended its own ‘music’ playlist

Three days back, on October 28, the official Twitter handle of the US space agency NASA posted a cryptic tweet, baffling the...

Its time to update your Firefox Now!!

Mozilla released a security update with Firefox 74.0.1 & Firefox ESR 68.6.1 release and fixed 2 critical Zero-day vulnerabilities that actively exploited in wide as a targeted attack.

Both of the vulnerabilities are reported by Francisco Alonso and Javier Marcos, security researchers who have been worked together and reported it as Zero-day bugs.

These Critical remote code execution vulnerabilities are used as targeted attacks and actively exploited the systems that running Firefox 74.0.0 and earlier versions.

Attackers exploit these vulnerabilities and crash the Firefox running Windows, macOS and Linux operating systems.

Firefox 74.0.1

The first one is Use after free vulnerability (CVE-2020-6819) that allow the attacker to execute an arbitrary core remotely and crash the targeted system.

According to Firefox security update report “Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.”

Second Vulnerability (CVE-2020-6820) can be exploited when Use-after-free handling a ReadableStream, and is exploited in wide as a targeted attack.

“Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.”

Both vulnerabilities are targeting the race condition can cause a use-after-free that allows attackers to execute arbitrary code, depending on the privileges associated with the user an attacker could then install programs; view, change or delete data; or create new accounts with full user rights.

You can Download the new Firefox 74.0.1 from the following:

All the Firefox users apply the updates provided by Mozilla to vulnerable systems, immediately after appropriate testing, also users recommended not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

Also Read: Firefox Brings DNS over HTTPS by Default for U.S Users: Here’s How to Enable It

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Telegram 7.2.0 Adds Multiple Pinned Messages, Live Location Alerts, and More

After adding search filters and anonymous group admins last month, Telegram is rolling out a new update (version 7.2.0). The update comes with features...

Xiaomi Wear 2.0 App Arrives with Redesigned UI, Several New Features

Xiaomi is looking to slowly transition users from the Mi Fit app over to Xiaomi Wear. It debuted this app alongside the Redmi Band...

NASA has recommended its own ‘music’ playlist

Three days back, on October 28, the official Twitter handle of the US space agency NASA posted a cryptic tweet, baffling the...

Worldwide tablet shipments recorded 24.9% in Q3 2020, according to IDC

The global tablet market has seen a 24.9% year-over-year growth in the third quarter of 2020, according to a report by IDC....