Geeks for your information News Browsers News & Tips v
Firefox 74.0.1 Stable out with important security fixes
Firefox 74.0.1 Stable out with important security fixes
harlan4096 Online
MalWare Zoo Team
*******
Posts: 13,816
Threads: 9,256
Thanks Received: 8,903 in 7,082 posts
Thanks Given: 9,584
Joined: 12 September 18
#1
Information  04 April 20, 07:34
Quote:
[Image: firefox-74.0.1-1536x973.png]

Mozilla has released a new stable version of the organization's Firefox web browser on April 3, 2020. Firefox 74.0.1 Stable is a security update that patches two critical security vulnerabilities in the browser that are actively exploited in the wild. Mozilla released an update for the Extended Support Release, Firefox ESR, as well to address the vulnerabilities in that browser. Firefox ESR is upgraded to version 68.6.1 and updates are available already.

Firefox users who run the stable version of the web browser should receive update notifications when they start the browser the next time. The process can be expedited either by downloading the new stable release manually from Mozilla's official download site or by selecting Menu > Help > About Firefox to run a manual check for updates.

The release notes have been published already; they list security fixes only and no other changes. Mozilla's Security Advisories site provides additional information on the two vulnerabilities that the organization fixed in the new Firefox release:

* CVE-2020-6819: Use-after-free while running the nsDocShell destructor -- Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

* CVE-2020-6820: Use-after-free when handling a ReadableStream -- Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

It is unclear how these vulnerabilities can be exploited, only that attacks happen right now that exploit them. ReadableStream is used to read data streams, nsDocShell's issue seems to have been caused by data not being released properly.

Firefox users are encouraged to update the web browser as soon as possible to protect it from these attacks.

One of the researchers who reported the issues to Mozilla revealed on Twitter that the discovered issues might affect other browsers as well. He praised Mozilla for patching the vulnerability quickly. Whether other browsers means other Firefox-based browsers or non-Firefox browsers is unknown.

Now You: Have you updated your browser already?
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  â€˘ silversurfer
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Find out if an USB device is fake with f...
Fake USB devices c...harlan4096 — 08:47
Windows 11 KB5048685 Update causes Wi-Fi...
The KB5048685 Upda...harlan4096 — 12:36
Windows 11: issue may prevent further in...
The latest version...harlan4096 — 08:47
Notepad++ v8.7.5 (2024-12-25)
Notepad++ v8.7.5 (...harlan4096 — 08:16
AdGuard for Mac 2.16.2
AdGuard for Mac 2....harlan4096 — 08:13

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>