Mozilla releases security updates for Firefox 88.01, Firefox ESR 78.10.1, and Thunderbird 78.10.1
Hello everyone,
Mozilla has fixed several security vulnerabilities in Firefox 88.01, Firefox ESR 78.10.1, and Thunderbird 78.10.1. One critical vulnerability in Firefox has been fixed in this release. The details of the vulnerabilities fixed are as follows:| Platform | CVE ID | Vulnerability | Impact |
| Firefox ESR 78.10.1, Thunderbird 78.10.1 | CVE-2021-29951 | Mozilla Maintenance Service could have been started or stopped by domain users | Moderate |
| Firefox 88.01 | CVE-2021-29952 | Race condition in Web Render Components | High |
| Firefox 88.01 | CVE-2021-29953 | Universal Cross-Site Scripting | Critical |
To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.
| Patch ID | Bulletin ID | Patch Description |
| 319434 | TU-054 | Mozilla Firefox ESR (78.10.1) |
| 319435 | TU-054 | Mozilla Firefox ESR (x64) (78.10.1) |
| 319444 | TU-028 | Mozilla Thunderbird (78.10.1) |
| 319445 | TU-028 | Mozilla Thunderbird (x64) (78.10.1) |
| 319454 | TU-027 | Mozilla Firefox (88.0.1) |
| 319455 | TU-027 | Mozilla Firefox (x64) (88.0.1) |
Cheers,
The ManageEngine Team