Mozilla releases security updates for Firefox 86, Thunderbird 78.8, Firefox ESR 78.8

Mozilla releases security updates for Firefox 86, Thunderbird 78.8, Firefox ESR 78.8

Hello everyone,

Mozilla has fixed several security vulnerabilities in  Firefox 86, Thunderbird 78.8, Firefox ESR 78.8. The details of the vulnerabilities fixed are as follows:

 Platform
 CVE ID
 Vulnerability
 Impact
 Firefox 86,   Thunderbird 78.8,   Firefox ESR 78.8
 CVE-2021-23968
 Content Security Policy violation report could have contained the destination of a redirect High
 Firefox 86,   Thunderbird 78.8,   Firefox ESR 78.8
 CVE-2021-23969
 Content Security Policy violation report could have contained the destination of a redirect High
 Firefox 86
 CVE-2021-23970
 Multithreaded WASM triggered assertions validating separation of script domains High
 Firefox 86
 CVE-2021-23971 
 A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer Moderate
 Firefox 86
 CVE-2021-23972
 HTTP Auth phishing warning was omitted when a redirect is cached Low
 Firefox 86,   Thunderbird 78.8,   Firefox ESR 78.8
 CVE-2021-23973
 MediaError message property could have leaked information about cross-origin resources Low
 Firefox 86
 CVE-2021-23974
 noscript elements could have led to an HTML Sanitizer bypass Moderate
 Firefox 86
 CVE-2021-23975
 about:memory Measure function caused an incorrect pointer operation Low
 Firefox 86
 CVE-2021-23976
 Local spoofing of web manifests for arbitrary pages in Firefox for Android Moderate
 Firefox 86
 CVE-2021-23977 
 Malicious application could read sensitive data from Firefox for Android's application directories Moderate
 Firefox 86,   Thunderbird 78.8,   Firefox ESR 78.8
 CVE-2021-23978
 Memory safety bugs High
 Firefox 86
 CVE-2021-23979
 Memory safety bugs fixed in Firefox 86 High

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

 Patch ID Bulletin ID Patch Description
 318501 TU-027 Mozilla Firefox (86.0)
 318502 TU-027 Mozilla Firefox (x64) (86.0)
 318512 TU-028 Mozilla Thunderbird (78.8.0)
 318513 TU-028 Mozilla Thunderbird (x64) (78.8.0)
 318503 TU-054 Mozilla Firefox ESR (78.8.0)
 318504 TU-054 Mozilla Firefox ESR (x64) (78.8.0)

Cheers,

The ManageEngine Team