Mozilla Foundation Security Advisory 2020-11

Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1

Announced: April 3, 2020
Impact: critical
Products: Firefox, Firefox ESR
Fixed in:
  • Firefox 74.0.1
  • Firefox ESR 68.6.1
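
As an added example (not part of Mozilla's advisory), this Python script checks software-inventory version strings against the two fixed versions listed above. It assumes the inventory reports ESR builds with an `esr` suffix (for example `68.6.1esr`); the function names, status labels and sample hosts are hypothetical.

```python
import re

# Fixed versions taken from the advisory's "Fixed in" list.
FIXED_RELEASE = (74, 0, 1)
FIXED_ESR = (68, 6, 1)

# Accepts "74.0", "74.0.1", "68.6.1esr"; anything else is left for manual review.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(esr)?$", re.IGNORECASE)


def parse_version(raw):
    """Return ((major, minor, patch), is_esr), or None if the string is not recognised."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        return None
    major, minor, patch, esr = m.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def triage(raw):
    """Classify one version string against the fixed versions.

    "below-fix" means the build predates the fix for its channel; the advisory
    does not list affected version ranges, so it is not proof of exposure.
    A string without the esr suffix is compared against the release fix,
    which flags unlabelled ESR installs for review instead of passing them.
    """
    parsed = parse_version(raw)
    if parsed is None:
        return "unknown"  # beta, nightly or garbled strings
    version, is_esr = parsed
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    return "at-or-above-fix" if version >= fixed else "below-fix"


def report(inventory):
    """Map host -> status for a dict of host -> version string."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = {
    "ws-014": "74.0",
    "ws-015": "74.0.1",
    "kiosk-02": "68.6.0esr",
    "kiosk-03": "68.6.1esr",
    "lab-07": "75.0b3",
}

if __name__ == "__main__":
    for host, status in sorted(report(SAMPLE).items()):
        print(f"{host:10} {SAMPLE[host]:12} {status}")
```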

CVE-2020-6819: Use-after-free while running the nsDocShell destructor

Reporter: Francisco Alonso @revskills working with Javier Marcos of @JMPSec
Impact: critical
Description: Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

CVE-2020-6820: Use-after-free when handling a ReadableStream

Reporter: Francisco Alonso @revskills working with Javier Marcos of @JMPSec
Impact: critical
Description: Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.
