Microsoft and Mozilla release updates to address vulnerabilities in Chromium for Edge and Firefox respectively

Microsoft and Mozilla release updates to address vulnerabilities in Chromium for Edge and Firefox respectively


Hello everyone,

Mozilla has fixed a critical security vulnerability in Firefox 85.0.1 and Firefox ESR 78.7.1. This vulnerability is due to the Buffer overflow in depth pitch calculations for compressed textures in the Angle Graphics Library. It affects only the Windows Operating system and hasn't been assigned a CVE ID yet.


Microsoft has also released an update to address CVE-2021-21148: Heap buffer overflow in V8, in Edge (Chromium based). This vulnerability is reportedly exploited in the wild.

To patch these vulnerabilities using Patch Manager Plus, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once synced, search for the Patch IDs or Bulletin IDs relevant to the updates you want installed and deploy them to your target systems.

 

Software

Patch ID

Bulletin ID

Patch Description

Firefox

318257

TU-027

Mozilla Firefox (85.0.1)

Firefox

318258

TU-027

Mozilla Firefox (x64) (85.0.1)

Firefox ESR

318259

TU-054

Mozilla Firefox ESR (78.7.1)

Firefox ESR

318260

TU-054

Mozilla Firefox ESR (x64) (78.7.1)

Edge for Chromium

318255

TU-1035

Microsoft Edge for chromium business (88.0.705.63)

Edge for Chromium

318256

TU-1035

Microsoft Edge for chromium business (x64) (88.0.705.63)

 

Cheers,

The ManageEngine team