A URL mPath vulnerability for Mozilla Firefox version 76.0.2 x64 and Firefox Nightly version 78.0a1 x64 was recently found by Cisco Talos. In order to exploit the vulnerability, an attacker would need to create a specially crafted webpage and get a potential victim to visit through the browser. A URL object leads to the out of bounds read and gives attackers the ability to use leaked memory to go around ASLR along with other vulnerabilities and eventually obtain arbitrary code execution. Mozilla and Cisco Talos worked closely together after disclosing the vulnerability and Mozilla has already released a patch for Firefox.
Analyst Notes
Anyone using the affected versions (Mozilla Firefox version 76.0.2 x64 and Firefox Nightly version 78.0a1 x64) should download any patches that become available. Users may also want to use SNORT rules 54265 and 54266, which will detect exploitation attempts in network traffic.
Source: https://blog.talosintelligence.com/2020/07/vuln-spotlight-firefox-information-leak-july-2020.html
