Mozilla has rolled out another update for the Firefox browser whilst addressing serious vulnerabilities. This time, they have addressed numerous RCE vulnerabilities including an Android takeover bug.
High-Severity Vulnerabilities in Firefox 75
Mozilla recently disclosed numerous security bugs in their Firefox browser. These include several RCE vulnerabilities in Firefox and Firefox ESR.
In the case of Firefox, the most important bug was a high-severity flaw CVE-2020-6821 leading to information disclosure.
Firefox ESR also exhibited two high-severity flaws affecting Android devices. The first of these CVE-2020-6828 was an Android takeover bug. Regarding this vulnerability, Mozilla explains in its advisory,
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user’s profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.
While the second vulnerability, CVE-2020-6827, was a URI spoofing flaw affecting Firefox for Android.
When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI.
Mozilla confirmed that these bugs did not affect the Firefox browser for any other operating system.
Mozilla Released Fixes
Mozilla have swiftly addressed all the vulnerabilities with the release of Firefox 75 and Firefox ESR 68.7. For now, the vendors haven’t stated anything about the exploitation of these bugs. Hence, users must ensure updating their browsers (once again) to avoid any potential exploit.
This update comes a few days after the vendors patched two zero-day bugs. Those zero-day flaws, fixed with Firefox 74.0.1, were under exploit in the wild. Both of them were critical use after free bugs.
Let us know your thoughts in the comments.