Mozilla Foundation Security Advisory 2020-11

Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1

Announced
April 3, 2020
Impact
critical
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 74.0.1
  • Firefox ESR 68.6.1

#CVE-2020-6819: Use-after-free while running the nsDocShell destructor

Reporter
Francisco Alonso @revskills working with Javier Marcos of @JMPSec
Impact
critical
Description

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

References

#CVE-2020-6820: Use-after-free when handling a ReadableStream

Reporter
Francisco Alonso @revskills working with Javier Marcos of @JMPSec
Impact
critical
Description

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

References