Rewterz Threat Advisory – Multiple Vulnerabilities in Firefox Exploited in the Wild

Rewterz Threat Alert – Formbook delivered by Covid-19 lure

April 3, 2020

Rewterz Threat Alert – NetWire RAT Installed via Malspam Campaign

April 6, 2020

Rewterz Threat Advisory – Multiple Vulnerabilities in Firefox Exploited in the Wild

Severity

High

Analysis Summary

CVE-2020-6819

This bug is a use-after free vulnerability tied to the browser component “nsDocShell destructor”. The Firefox nsDocShell is a client of the nsI-HttpChannel API, a function of the browser related to reading HTTP headers.

CVE-2020-6820

The attackers are targeting the Firefox browser component ReadableStream, an interface of the Streams API. The Streams API is “responsible for breaking a resource that you want to receive over a network down into small chunks,”

These vulnerabilities are currently being exploited in the wild.

Impact

Arbitrary code execution

Affected Vendors

Mozilla

Affected Products

Firefox
Firefox ESR

Remediation

Update to fixed versions.

Firefox 74.0.1 and Firefox ESR 68.6.1

https://support.mozilla.org/en-US/kb/update-firefox-latest-release

Rewterz Threat Alert – Formbook delivered by Covid-19 lure

Rewterz Threat Alert – NetWire RAT Installed via Malspam Campaign

Rewterz Threat Advisory – Multiple Vulnerabilities in Firefox Exploited in the Wild

Severity

Analysis Summary

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan