Firefox gets fixes for two zero-days exploited in the wild


Firefox users are advised to update their browsers to patch two bugs that are being exploited in the real world by hackers.

The fixes are available in Firefox 74.0.1, released earlier today. This new Firefox version includes fixes for CVE-2020-6819 and CVE-2020-6820, two bugs that reside in the way Firefox manages its memory space.

The bugs are so-called user-after-free vulnerabilities, which allow hackers to place code inside Firefox’s memory and have it executed in the browser’s context. Such bugs can be exploited to run code on victim’s devices, although the impact and reach of such code usually varies.

Read more…
Source: ZDNet