TTCSIRT-303.040820: TT-CSIRT ADVISORY- MOZILLA FOUNDATION SECURITY ADVISORY

TTCSIRT-303.040820: TT-CSIRT ADVISORY- MOZILLA FOUNDATION SECURITY ADVISORY

Be advised that security vulnerabilities were fixed in Firefox 74.0.1 and Firefox ESR 68.6.1

It should be noted that under certain conditions, when running the nsDocShell destructor and ReadableStream, a race condition can cause a use-after-free. Mozilla are aware of targeted attacks in the wild abusing this flaw.

The Trinidad and Tobago Cyber Security Incident Response Team (CSIRT) encourages users and administrators to review and apply the necessary updates.

Kindly review the following link for further reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/