There are two critical gaps in the Firefox web browser that are already being exploited by attackers. An update is ready and you should install it immediately.
The Mozilla Foundation points out two vulnerabilities classified as ‘critical’ in the current versions of their web browser Firefox. The two vulnerabilities are of the ‘use-after-free’ type and can be in use to execute an attacker’s code in the browser on the user’s system.
Firefox has fixed two dangerous vulnerabilities
The message says that attacks that exploit these Firefox gaps are already being observed – that’s why users should install an update as soon as possible. The two gaps have the CVE numbers 2020-6819 and 2020-6820. In version 74.0.1 of the current Firefox browser and version 68.6.1 of the ESR branch of Firefox, the vulnerabilities have been closed (in all operating systems: Windows, macOS and Linux).
The gaps were reported by Francisco Alonso from revskills and Javier Marcos from JMPSec. This latter adds that other browsers may also be affected. There are currently no further details on the vulnerabilities, but they should be available soon.
It is worth mentioning that Coronavirus is a serious problem when we talk about cybersecurity. Email spammers used COVID-19 to convince people to download malicious attachments. Other fraudsters have set up tens of thousands of websites with pandemic domain names. There are also applications and programs that attack computers and smartphones. We also can’t forget about fraudulent SMSs. So in this period we should pay more attention that before to guarantee the safety of our devices.
Yesterday, we had reported that experts have noticed a malware that can steal and destroys data from affected users and overwrites the MBR (Master Boot Record), which prevents the system from starting normally. ZDNet has reported that security researchers have managed to identify at least five malware strains that affect Windows PCs.