High
CVE-2020-6819
This bug is a use-after free vulnerability tied to the browser component “nsDocShell destructor”. The Firefox nsDocShell is a client of the nsI-HttpChannel API, a function of the browser related to reading HTTP headers.
CVE-2020-6820
The attackers are targeting the Firefox browser component ReadableStream, an interface of the Streams API. The Streams API is “responsible for breaking a resource that you want to receive over a network down into small chunks,”
These vulnerabilities are currently being exploited in the wild.
Arbitrary code execution
Mozilla
Update to fixed versions.
Firefox 74.0.1 and Firefox ESR 68.6.1
https://support.mozilla.org/en-US/kb/update-firefox-latest-release