CVE-2020-6819, CVE-2020-6820: Critical Mozilla Firefox Zero-Day Vulnerabilities Exploited in the Wild
Researchers report multiple zero-day vulnerabilities in Mozilla Firefox and note that other browsers are also affected.
Background
On April 3, Mozilla Foundation published advisory 2020-11 for Mozilla Firefox and Mozilla Firefox Extended Support Release (ESR). The advisory includes fixes for two critical zero-day vulnerabilities, both of which were exploited in the wild as part of targeted attacks.
The discovery of these vulnerabilities was credited to security researchers Francisco Alonso and Javier Marcos. Alonso tweeted there are “more details to be published (including other browsers),” indicating these flaws likely extend to other web browsers. However, that information is currently not public, likely an effort to keep the details private until patches are available.
There is still lots of work to do and more details to be published (including other browsers). Stay tuned.
— Francisco Alonso (@revskills) April 3, 2020
As we’ve seen time and again, attackers continue to target widely installed applications such as web browsers. These latest vulnerabilities follow on the heels of another zero-day vulnerability in Mozilla Firefox exploited in the wild in January 2020.
Analisi
CVE-2020-6819 is a use-after-free vulnerability due to a race condition when the nsDocShell destructor is running. Based on the GitHub commit history for the nsDocShell.cpp file, it appears the issue exists due to the mContentViewer not being released properly.
Image source: GitHub of nsDocShell changes made to address CVE-2020-6819
CVE-2020-6820 is a use-after-free vulnerability due to a race condition in the ReadableStream class, which is used to read a stream of data.
Image source: MDN web docs
We anticipate further details about these vulnerabilities will be publicly available once the researchers publish their findings.
Proof of concept
At the time this blog post was published, there was no proof-of-concept code available for either of these vulnerabilities.
Solution
Mozilla Foundation released Mozilla Firefox 74.0.1 and Mozilla Firefox ESR 68.6.1 to address these vulnerabilities. While these vulnerabilities were exploited in targeted attacks, Firefox users are still encouraged to upgrade as soon as possible.
Identifying affected systems
A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released.
Get more information
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.
Get a free 30-day trial of Tenable.io Vulnerability Management.
Articoli correlati
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
August 14, 2024Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability
August 9, 2024Critical vulnerability in Cisco Smart Software Manager On-Prem exposes systems to unauthorized password changes, exploit code now available.BackgroundOn July 17, 2024, Cisco published an advisory for ...
Detecting Risky Third-party Drivers on Windows Assets
August 7, 2024Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers.
Cybersecurity Snapshot: Guide Unpacks Event-Logging Best Practices, as FAA Proposes Stronger Cyber Rules for Airplanes
August 23, 2024Looking to sharpen your team’s event logging and threat detection? A new guide offers plenty of best practices. Plus, the FAA wants airplanes to be more resilient to cyberattacks. Meanwhile, check out the critical vulnerabilities Tenable discovered in two Microsoft AI products. And get the latest on ransomware trends, vulnerability management practices and election security!
SSRFing the Web with the Help of Copilot Studio
August 20, 2024Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact.
Cybersecurity Snapshot: First Quantum-resistant Algorithms Ready for Use, While New AI Risks’ Database Is Unveiled
August 16, 2024NIST has released the first encryption algorithms that can protect data against quantum attacks. Plus, MIT launched a new database of AI risks. Meanwhile, the CSA published a paper outlining the unique risks involved in building systems that use LLMs. And get the latest on Q2’s most prevalent malware, the Radar/Dispossessor ransomware gang and CVE severity assessments!
- Vulnerability Management