Mozilla developers have released Firefox 74.0.1, which fixes two new vulnerabilities that attackers had already exploited. All users are encouraged to upgrade as soon as possible.
The new version of Firefox includes fixes for the critical vulnerabilities CVE-2020-6819 and CVE-2020-6820. Both are use-after-free bugs and relate to how Firefox uses its own memory space. In essence, the vulnerabilities allow attackers to place code in Firefox's memory and execute it in the browser's context. Typically, such bugs are used to execute code on victims' devices, although the impact and scope of vulnerabilities may vary. In this case, the bugs affect the versions of Firefox that run on Windows, macOS, and Linux.
“Depending on the privileges of the user, an attacker can install programs; view, modify or delete data; create new accounts with full user rights. Users whose accounts are configured for fewer rights may be less affected than those who work with administrator rights,” reads the official security bulletin.
So far, the developers have not disclosed details of the attacks in which these 0-day vulnerabilities were used. Mozilla thanked security professionals Francisco Alonso and Javier Marcos of JMP Security for identifying and resolving the issues.
Interestingly, Alonso writes on Twitter that the discovered vulnerabilities can also affect other browsers, although it is not yet known which ones or how.
There is still lots of work to do and more details to be published (including other browsers). Stay tuned.
– Francisco Alonso (@revskills) April 3, 2020