SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Mozilla releases fixes for two use-after-free vulnerabilities in Firefox
Description: Mozilla released patches for two use-after-free vulnerabilities in its Firefox web browser. The company said it saw attackers actively exploiting the bugs in the wild, which prompted it to release the emergency updates. In both cases, a race condition in the browser can cause a use-after-free condition, though Mozilla has not provided information on exactly how these vulnerabilities were used in attacks.
Reference: https://duo.com/decipher/mozilla-fixes-two-firefox-flaws-under-active-attack
Snort SIDs: 53580, 53581
Title: Critical CODESYS vulnerability could allow attacker to crash server, execute remote code
Description: A critical bug in 3S' CODESYS automation software could allow an attacker to crash an affected server or remotely execute code on the web server. 3S released a patch for the vulnerability, identified as CVE-2020-10245, which received a severity score of 10 out of 10. The bug is a heap-based buffer overflow in the software that could cause a denial of service.
Reference: https://threatpost.com/critical-codesys-bug-remote-code-execution/154213/
Snort SIDs: 53557, 53558