Firefox users should immediately update their browsers to version 74.0.1 to fix two bugs currently being exploited by hackers.
The updated version is here, in the announcement of the new Firefox 74.0.1, which was officially released late last night. THE new edition του Firefox συμπεριλαμβάνει ενημερώσεις για τις vulnerabilities CVE-2020-6819 and CVE-2020-6820,. Both exist in the way Firefox manages its memory space.
Bugs are so-called user-after-free vulnerabilities, and allow hackers to place code in Firefox memory and run it in the browser environment. Such errors can be used to execute code on the victim's devices, although the implications and scope of such an exploit usually vary from system to system.
Details of the attacks that have been carried out exploiting these two bugs still remain unknown – a common practice among software developers and researchers better safetys, as they focus first on patch development and then on attack investigation.
Η Mozilla gave credits to the company JMP Security and security researcher Francisco Alonso for the discovery of the two 0days.
In a tweet he posted today, Alonso said the bugs discovered could affect other browsers, though it is not known if they have been exploited yet.
This update fixes the second 0days in Firefox this year. It was preceded by another in January, with the release of Firefox 72.0.1. The bug was used to attack users in China and Japan as part of a government-sponsored cyber-espionage campaign, according to Qihoo 360 and Japan CERT.