Mozilla released the emergency Firefox 74.0.1 Firefox ESR 68.6.1 version and, two errors were fixed for the management of its memory space exists.
Two vulnerabilities are CVE-2020-6819 and CVE-2020-6820, were rated as "severe." Such "user-after-free" vulnerability could allow a hacker code can be placed in Firefox's memory and execute code in the context of the browser.
Francisco Alonso security researcher discovered two vulnerabilities, but did not report more detailed information. Alonso represents is not clear whether the vulnerability is already being used, and other browsers may also be similarly affected, there will be more follow-up news release.
Obviously, the current official release patches to focus on priority, only after further investigation. Recommend that all Firefox users update fixes as soon as possible.
This was the second time this year Mozilla 0 day vulnerabilities fixed in Firefox. In January, with the release of Firefox v72.0.1, it repaired another error that could have the Chinese and Japanese users under attack.