Friday night, Mozilla pushed out a Firefox browser patch addressing an exploited security vulnerability. Impacting Firefox 74.0 and Firefox ESR 68.6.0, the two vulnerabilities have been rated as ‘critical’ by Mozilla and should be deployed immediately.
No further details have been shared by Mozilla surrounding the exploited vulnerabilities, but it can be assumed the security hole has been in the standard codebase since Firefox 68 due to its impact on both the main browser and Extended Support Release (ESR). If exploited successfully, an attacker would have the ability to remotely execute code through the browser.
- CVE-2020-6819: A use-after-free flaw caused by a race condition while running the nsDocShell destructor
- CVE-2020-6820: A use-after-free caused by a race condition when handling a ReadableStream
Your Plan of Attack? Update and Patch Now!
The most effective way to keep Firefox fully secure and up-to-date is to patch now and patch automatically. Applying patches for your operating systems and third-party apps as soon as they become available is the best way to prevent an exploit. The new, protected versions of Firefox 74.0.1 and Firefox ESR 68.6.1 are available now.
If you’ve already updated and have Automox policies in place, you should be secure. If not, we can help. Click here to learn how to create a patch policy in the Automox console.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-based and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.