Mozilla Firefox Critical use-after-free Vulnerabilities(CVE-2020-6819, CVE-2020-6820)

Summary:

In the first week of April, amidst of global lockdown environment, Mozilla Foundation had to publish advisory 2020-11 for Mozilla Firefox and Mozilla Firefox Extended Support Release (ESR). Firefox gets fixes for two zero-days exploited in the wild. The frequency of exploiting browsers, particularly mozilla has been trending since the start of this year.

Description:

CVE-2020-6819: Use-after-free while running the nsDocShell destructor. It is a use-after-free vulnerability due to a race condition when the nsDocShell destructor is running. Based on the GitHub commit history for the nsDocShell.cpp file, it appears the issue exists due to the mContentViewer not being released properly. Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

CVE-2020-6820 is a use-after-free vulnerability due to a race condition in the ReadableStream class, which is used to read a stream of data.

The user-after-free vulnerabilities, allows to insert code inside Firefox’s memory and have it executed in the browser. On victim’s devices, the impact may vary from low to high.

Affected Products:

Versions Prior to Firefox 74.0.1.

Versions Prior Firefox ESR 68.6.1

Advisory:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/

Mitigation:

Mozilla foundation has updated the patch and released for CVE-2020-6819, CVE-2020-6820.

Qualys customers can scan their network with QID(s)# 372481,177733, 197834 to detect vulnerable assets. Kindly continue to follow on Qualys Threat Protection for more coverage on vulnerabilities.

References & Sources:

  • https://github.com/MrAlex94/Waterfox/issues/1520
  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/

Leave a Reply

Your email address will not be published. Required fields are marked *