Mozilla has released fixes for 2 zero-day vulnerabilities in Firefox. The fixes are available in the newly released version of the browser, Firefox 74.0.1.The updated version fixes the vulnerabilities CVE-2020-6819 and CVE-2020-6820
Vulnerability and impact
Both CVE-2020-6819 and CVE-2020-6820 are use-after-free vulnerabilities and occur due to improper memory space management by Firefox. These bugs when exploited allow the hacker to write codes into Firefox's memory and have it executed in the browser's context. Mozilla has not been forthcoming with the details of the actual attacks, but the company has urged its Firefox users to update their browsers at the earliest.
Patch these vulnerabilities with Patch Manager Plus
You can patch these vulnerabilities in no time using Patch Manager Plus. Initiate a sync between the Patch Manager Plus server and the Central Vulnerability database. After this, search for the following Patch IDs or Bulletin IDs and deploy them to the machines missing them.
Bulletin ID | Patch ID | Patch Description |
TU-027 | 313638 | Mozilla Firefox (74.0.1) |
TU-027 | 313639 | Mozilla Firefox (x64) (74.0.1) |
TU-054 | 313640 | Mozilla Firefox ESR (68.6.1) |
TU-054 | 313641 | Mozilla Firefox ESR (x64) (68.6.1) |
Cheers,
ManageEngine Team