Mozilla releases security updates for Firefox 88, Firefox ESR 78.10, and Thunderbird 78.10

Hello everyone,

Mozilla has fixed several security vulnerabilities in Firefox 88, Firefox ESR 78.10, and Thunderbird 78.10. The details of the vulnerabilities fixed are as follows:

| Platform | CVE ID | Vulnerability | Impact |
|---|---|---|---|
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23994 | Out of bound write due to lazy initialization | High |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23995 | Use-after-free in Responsive Design Mode | High |
| Firefox 88 | CVE-2021-23996 | Content rendered outside of webpage viewport | High |
| Firefox 88 | CVE-2021-23997 | Use-after-free when freeing fonts from cache | High |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23998 | Secure Lock icon could have been spoofed | Moderate |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23999 | Blob URLs may have been granted additional privileges | Moderate |
| Firefox 88 | CVE-2021-24000 | requestPointerLock() could be applied to a tab different from the visible tab | Moderate |
| Firefox 88 | CVE-2021-24001 | Testing code could have enabled session history manipulations by a compromised content process | Moderate |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-24002 | Arbitrary FTP command execution on FTP servers using an encoded URL | Moderate |
| Firefox 88 | CVE-2021-29944 | HTML injection vulnerability in Firefox for Android's Reader View | Low |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-29945 | Incorrect size computation in WebAssembly JIT could lead to null-reads | Moderate |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-29946 | Port blocking could be bypassed | Low |
| Firefox 88 | CVE-2021-29947 | Memory safety bugs fixed in Firefox 88 | High |
| Thunderbird 78.10 | CVE-2021-29948 | Race condition when reading from disk while verifying signatures | Low |
| Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23961 | More internal network hosts could have been probed by a malicious webpage | Moderate |

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Desktop Central server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 319192 | TU-027 | Mozilla Firefox (88.0) |
| 319193 | TU-027 | Mozilla Firefox (x64) (88.0) |
| 319194 | TU-054 | Mozilla Firefox ESR (78.10.0) |
| 319195 | TU-054 | Mozilla Firefox ESR (x64) (78.10.0) |
| 319199 | TU-028 | Mozilla Thunderbird (78.10.0) |
| 319200 | TU-028 | Mozilla Thunderbird (x64) (78.10.0) |

Cheers,

The ManageEngine Team 
 
