Firefox Patched two Zero-days Exploited in the wild
Critical Zero-days fixes in Firefox browser, update now.
On the security advisory team wrote that they have already observed the exploration of these vulnerabilities. Both the bugs were identified as CVE-2020-6819 and CVE-2020-6820.
Both these bugs were patched on 74.0.1 of the current Firefox browser and version 68.6.1 of the ESR branch of Firefox and in all platforms including Windows, MacOS and Linux.
Users are recommended to immediately update there browser as attacks are already in action.
The vulnerabilities were reported by Francisco Alonso from revskills and Javier Marcos from JMPSec. They concern possible race conditions when using the nsDocShell destructor and when using a ReadableStream.
At the meantime there is no future details about the bug, but researcher points out that other browsers may also be affected.