Mozilla releases security updates for Firefox 85, Thunderbird 78.7, Firefox ESR 78.7


Hello everyone, 

Mozilla has fixed several security vulnerabilities in Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7. The details of the vulnerabilities fixed are as follows:

| Platform | CVE ID | Vulnerability | Impact |
|---|---|---|---|
| Firefox 85, Thunderbird 78.7, Firefox ESR 78.7 | CVE-2021-23953 | Cross-origin information leakage via redirected PDF requests | High |
| Firefox 85, Thunderbird 78.7, Firefox ESR 78.7 | CVE-2021-23954 | Type confusion when using logical assignment operators in JavaScript switch statements | High |
| Firefox 85 | CVE-2021-23955 | Clickjacking across tabs through misusing requestPointerLock | High |
| Firefox 85 | CVE-2021-23956 | File picker dialog could have been used to disclose a complete directory | Moderate |
| Firefox 85 | CVE-2021-23957 | Iframe sandbox could have been bypassed on Android via the intent URL scheme | Moderate |
| Firefox 85 | CVE-2021-23958 | Screen sharing permission leaked across tabs | Moderate |
| Firefox 85 | CVE-2021-23959 | Cross-Site Scripting in error pages on Firefox for Android | Moderate |
| Firefox 85, Thunderbird 78.7, Firefox ESR 78.7 | CVE-2021-23960 | Use-after-poison for incorrectly redeclared JavaScript variables during GC | Moderate |
| Firefox 85 | CVE-2021-23961 | More internal network hosts could have been probed by a malicious webpage | Moderate |
| Firefox 85 | CVE-2021-23962 | Use-after-poison in `nsTreeBodyFrame::RowCountChanged` | Low |
| Firefox 85 | CVE-2021-23963 | Permission prompt inaccessible after asking for additional permissions | Low |
| Firefox 85, Thunderbird 78.7, Firefox ESR 78.7 | CVE-2021-23964 | Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 | High |
| Firefox 85 | CVE-2021-23965 | Memory safety bugs fixed in Firefox 85 | High |
| Thunderbird 78.7 | CVE-2020-15685 | IMAP Response Injection when using STARTTLS | Moderate |
| Thunderbird 78.7, Firefox ESR 78.7 | CVE-2020-26976 | HTTPS pages could have been intercepted by a registered service worker when they should not have been | Moderate |

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 318090 | TU-027 | Mozilla Firefox (85.0) |
| 318091 | TU-027 | Mozilla Firefox (x64) (85.0) |
| 318094 | TU-028 | Mozilla Thunderbird (78.7.0) |
| 318095 | TU-028 | Mozilla Thunderbird (x64) (78.7.0) |
| 318092 | TU-054 | Mozilla Firefox ESR (78.7.0) |
| 318093 | TU-054 | Mozilla Firefox ESR (x64) (78.7.0) |

Cheers,
The ManageEngine Team