Mozilla has pushed Firefox 74.0.1 along with the related security advisory. The new update, which users are advised to apply soon, comes with fixes for two critical zero-day vulnerabilities. The new patches are also available for Firefox 68 users with version 68.6.1. Normally, the update will apply automatically, but you can go to the hamburger menu > Help > About Firefox and apply the patch manually.
Both flaws that were patched can cause a use-after-free which is a type of memory corruption flaw that can be used by hackers to execute arbitrary code. Both CVE-2020-6819 and CVE 2020-6820 are being exploited in the wild, therefore, users should apply the patches hastily to ensure their system isn’t compromised.
Francisco Alonso, one of those who reported the exploits to Mozilla, congratulated the firm for fixing the exploits so quickly despite the on-going coronavirus epidemic which is causing workers all around the world to work from home. Alonso also confirmed that there’s still more work to do to tackle these exploits as they affect other web browsers. He said that more details will be published soon.
Last year, Mozilla announced that it was moving to a monthly release cycle for Firefox updates. The next big release will be version 75, due on April 7. According to the Firefox 75 beta release notes, the update will improve HTTPS compatibility with misconfigured web servers and will come with the revamped address bar that will supposedly allow you to type less.