Mozilla releases security updates for Firefox 87 and Firefox ESR 78.9

Mozilla releases security updates for Firefox 87 and Firefox ESR 78.9

Hello everyone,

Mozilla has fixed several security vulnerabilities in  Firefox 87 and Firefox ESR 78.9. The details of the vulnerabilities fixed are as follows:

 Platform
 CVE ID
 Vulnerability
 Impact
 Firefox 87, Firefox ESR 78.9
 CVE-2021-23981
 Texture upload into an unbound backing buffer resulted in an out-of-bound read
 High
 Firefox 87, Firefox ESR 78.9
 CVE-2021-23982 
 Internal network hosts could have been probed by a malicious webpage
 Moderate
 Firefox 87, Firefox ESR 78.9
 CVE-2021-23984
 Malicious extensions could have spoofed popup information
 Moderate
 Firefox 87, Firefox ESR 78.9
 CVE-2021-23987
 Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
 High
 Firefox 87
 CVE-2021-23983
 Transitions for invalid ::marker properties resulted in memory corruption
 Moderate
 Firefox 87
 CVE-2021-23985 
 Devtools remote debugging feature could have been enabled without indication to the user
 Low
 Firefox 87
 CVE-2021-23986
 A malicious extension could have performed credential-less same origin policy violations
 Low
 Firefox 87
 CVE-2021-23988
 Memory safety bugs fixed in Firefox 87
 Moderate

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

 Patch ID
 Bulletin ID
 Patch Description
 318845
 TU-027
 Mozilla Firefox (87.0)
 318846
 TU-027
 Mozilla Firefox (x64) (87.0)
 318847
 TU-054
 Mozilla Firefox ESR (78.9.0)
 318848
 TU-054
 Mozilla Firefox ESR (x64) (78.9.0)


Cheers,
The ManageEngine Team