Mozilla Releases Security Updates for Firefox
- 01 Nov 2022
- Germaine Pieper
Mozilla has released security updates for Firefox. The updates address critical vulnerabilities that could allow an attacker to take control of an affected system.
Command Mozilla is urging all users to update to the latest version of Firefox as soon as possible. The updates address two critical vulnerabilities, CVE-2020-6819 and CVE-2020-6820. Both vulnerabilities are use-after-free bugs that can be exploited to run arbitrary code on the affected system.
The CVE-2020-6819 vulnerability is known to be exploited in the wild, and Mozilla is aware of reports that the CVE-2020-6820 vulnerability is being exploited in the wild as well.
Mozilla has also released security updates for Firefox ESR and Firefox ESR 60.8.0.
These updates address the same two critical vulnerabilities. However, they also address a high-severity vulnerability, CVE-2020-6821. This is a type of confusion bug that can be exploited to run arbitrary code on the affected system.
Mozilla is urging all users of Firefox ESR and Firefox ESR 60.8.0 to update to the latest versions as soon as possible.
Mozilla has also released an update for Thunderbird. The update addresses a critical vulnerability, CVE-2020-6822. This is a use-after-free bug that can be exploited to run arbitrary code on the affected system.
Mozilla is urging all users of Thunderbird to update to the latest version as soon as possible.
The CVE-2020-6819 and CVE-2020-6820 vulnerabilities were discovered by Mozilla security researchers Samuel Gross and Nicolas Silva. The CVE-2020-6821 vulnerability was discovered by Mozilla security researcher Manfred Paul. The CVE-2020-6822 vulnerability was discovered by Mozilla security researcher Holger Fuhrmannek.
Mozilla recommends that users update to the latest version of Firefox. The updates are available for Windows, Mac, Linux, and Android.
The most severe of the vulnerabilities could allow for arbitrary code execution if a user opened a specially crafted PDF file. Other vulnerabilities could lead to denial of service attacks or information leakage.
Mozilla has rated these vulnerabilities as "critical" and urges users to update as soon as possible. More information on security updates is available in the security advisory.
As always, we recommend that users keep their software up to date. Updates to Firefox can be found by visiting the About Firefox page. Users can also set their browser to update automatically.
Mozilla would like to thank the researchers for their contributions.