Hello everyone,
Mozilla has fixed several security vulnerabilities in Firefox 88, Firefox ESR 78.10, and Thunderbird 78.10. The details of the vulnerabilities fixed are as follows:Platform | CVE ID | Vulnerability | Impact |
Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23994 | Out of bound write due to lazy initialization | High |
Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23995 | Use-after-free in Responsive Design Mode | High |
Firefox 88 | CVE-2021-23996 | Content rendered outside of webpage viewport | High |
Firefox 88 | CVE-2021-23997 | Use-after-free when freeing fonts from cache | High |
Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23998 | Secure Lock icon could have been spoofed | Moderate |
Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23999 | Blob URLs may have been granted additional privileges | Moderate |
Firefox 88 | CVE-2021-24000 | requestPointerLock() could be applied to a tab different from the visible tab | Moderate |
Firefox 88 | CVE-2021-24001 | Testing code could have enabled session history manipulations by a compromised content process | Moderate |
Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-24002 | Arbitrary FTP command execution on FTP servers using an encoded URL | Moderate |
Firefox 88 | CVE-2021-29944 | HTML injection vulnerability in Firefox for Android's Reader View | Low |
Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-29945 | Incorrect size computation in WebAssembly JIT could lead to null-reads | Moderate |
Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-29946 | Port blocking could be bypassed | Low |
Firefox 88 | CVE-2021-29947 | Memory safety bugs fixed in Firefox 88 | High |
Thunderbird 78.10 | CVE-2021-29948 | Race condition when reading from disk while verifying signatures | Low |
Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23961 | More internal network hosts could have been probed by a malicious webpage | Moderate |
Patch ID | Bulletin ID | Patch Description |
319192 | TU-027 | Mozilla Firefox (88.0) |
319193 | TU-027 | Mozilla Firefox (x64) (88.0) |
319194 | TU-054 | Mozilla Firefox ESR (78.10.0) |
319195 | TU-054 | Mozilla Firefox ESR (x64) (78.10.0) |
319199 | TU-028 | Mozilla Thunderbird (78.10.0) |
319200 | TU-028 | Mozilla Thunderbird (x64) (78.10.0) |
Cheers,
The ManageEngine Team