Last month, Mozilla released Firefox 74.0 and Firefox ESR 68.6.0. These versions of the web browser include quite a number of security fixes, but they also contain two security vulnerabilities that were unknown to the developers at the time of release. Two JMP Security researchers, Francisco Alonso and Javier Marcos, discovered the vulnerabilities and reported them to Mozilla. The two vulnerabilities are now registered in the National Vulnerability Database and the Common Vulnerabilities and Exposures system as CVE-2020-6819 and CVE-2020-6820.
Mozilla has now released Firefox 74.0.1 and Firefox ESR 68.6.1, which both contain patches for the two security vulnerabilities. According to Mozilla’s security advisory, these vulnerabilities have been exploited by attackers. A statement from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urges Firefox users to update to Firefox 74.0.1 and Firefox ESR 68.6.1.