Mozilla releases security updates for Firefox 87 and Firefox ESR 78.9
Hello everyone,
Mozilla has fixed several security vulnerabilities in Firefox 87 and Firefox ESR 78.9. The details of the vulnerabilities fixed are as follows:
| Platform | CVE ID | Vulnerability | Impact |
| Firefox 87, Firefox ESR 78.9 | CVE-2021-23981 | Texture upload into an unbound backing buffer resulted in an out-of-bound read | High |
| Firefox 87, Firefox ESR 78.9 | CVE-2021-23982 | Internal network hosts could have been probed by a malicious webpage | Moderate |
| Firefox 87, Firefox ESR 78.9 | CVE-2021-23984 | Malicious extensions could have spoofed popup information | Moderate |
| Firefox 87, Firefox ESR 78.9 | CVE-2021-23987 | Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 | High |
| Firefox 87 | CVE-2021-23983 | Transitions for invalid ::marker properties resulted in memory corruption | Moderate |
| Firefox 87 | CVE-2021-23985 | Devtools remote debugging feature could have been enabled without indication to the user | Low |
| Firefox 87 | CVE-2021-23986 | A malicious extension could have performed credential-less same origin policy violations | Low |
| Firefox 87 | CVE-2021-23988 | Memory safety bugs fixed in Firefox 87 | Moderate |
To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.
| Patch ID | Bulletin ID | Patch Description |
| 318845 | TU-027 | Mozilla Firefox (87.0) |
| 318846 | TU-027 | Mozilla Firefox (x64) (87.0) |
| 318847 | TU-054 | Mozilla Firefox ESR (78.9.0) |
| 318848 | TU-054 | Mozilla Firefox ESR (x64) (78.9.0) |
Cheers,
The ManageEngine Team