November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Formbook delivered by Covid-19 lure
April 3, 2020Rewterz Threat Alert – NetWire RAT Installed via Malspam Campaign
April 6, 2020Rewterz Threat Alert – Formbook delivered by Covid-19 lure
April 3, 2020Rewterz Threat Alert – NetWire RAT Installed via Malspam Campaign
April 6, 2020
Severity
High
Analysis Summary
CVE-2020-6819
This bug is a use-after free vulnerability tied to the browser component “nsDocShell destructor”. The Firefox nsDocShell is a client of the nsI-HttpChannel API, a function of the browser related to reading HTTP headers.
CVE-2020-6820
The attackers are targeting the Firefox browser component ReadableStream, an interface of the Streams API. The Streams API is “responsible for breaking a resource that you want to receive over a network down into small chunks,”
These vulnerabilities are currently being exploited in the wild.
Impact
Arbitrary code execution
Affected Vendors
Mozilla
Affected Products
- Firefox
- Firefox ESR
Remediation
Update to fixed versions.
Firefox 74.0.1 and Firefox ESR 68.6.1
https://support.mozilla.org/en-US/kb/update-firefox-latest-release