Mozilla patched two critical security issues in Firefox and Firefox ESR that are being abused in the wild.

CVE-2020-6819 and CVE-2020-6820 each involve a race condition that can be exploited to exploited to create a use after free condition. The former vulnerability takes place when running the nsDocShell destructor and the latter when handling a ReadableStream.

Mozilla has included fixes for both flaws in the latest version of the software, Firefox 74.0.1 and Firefox ESR 68.6.1.