Mozilla and Google release second batch of patches in one week
scmagazine | April 09, 2020
Mozilla and Google each took the unusual step of rolling out a second wave of security updates in less than a week. Mozilla covered six issues while Google had 32 to secure. Mozilla’s latest patches again cover Firefox 74 and Firefox ESR ESR 68.6, but unlike the flaws addressed in the earlier update, these vulnerabilities are not being exploited in the wild. The latest batch covers six issues: the high-rated CVE-2020-6826, CVE-2020-6825 and CVE-2020-6821, and the moderate-rated CVE-2020-6822, CVE-2020-6823 and CVE-2020-6824.CVE-2020-6826, CVE-2020-6825 patch memory safety bugs, found in both Firefox and Firefox ESR, that could be exploited to run arbitrary code. CVE-2020-6821 covers a problem where uninitialized memory could be read when using the WebGL copyTexSubImage method, potentially leading to sensitive data disclosure.