Security News > 2020 > April > Firefox Zero-Day Flaws Exploited in the Wild Get Patched

Mozilla patched two Firefox browser zero-day vulnerabilities actively being exploited in the wild.

Both bugs have critical ratings and allow remote attackers to execute arbitrary code or trigger crashes on machines running versions of Firefox prior to 74.0.1 and its business-friendly Firefox Extended Support Release 68.6.1.

The bugs impact Firefox browser versions running on Windows, macOS and Linux operating systems.

The Firefox nsDocShell is a client of the nsI-HttpChannel API, a function of the browser related to reading HTTP headers.

Patches are available for multiple version of the Firefox browser including: Firefox 74.0.1 for Windows 64-bit, Firefox 74.0.1 for Windows 32-bit, Firefox 74.0.1 for macOS, Firefox 74.0.1 for Linux 64-bit and Firefox 74.0.1 for Linux 32-bit.

News URL

https://threatpost.com/firefox-zero-day-flaws-exploited-in-the-wild-get-patched/154466/