Mozilla releases security updates for Firefox 88, Firefox ESR 78.10, and Thunderbird 78.10

Hello everyone,

Mozilla has fixed several security vulnerabilities in Firefox 88, Firefox ESR 78.10, and Thunderbird 78.10. The details of the vulnerabilities fixed are as follows:

| Platform | CVE ID | Vulnerability | Impact |
| --- | --- | --- | --- |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23994 | Out of bound write due to lazy initialization | High |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23995 | Use-after-free in Responsive Design Mode | High |
| Firefox 88 | CVE-2021-23996 | Content rendered outside of webpage viewport | High |
| Firefox 88 | CVE-2021-23997 | Use-after-free when freeing fonts from cache | High |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23998 | Secure Lock icon could have been spoofed | Moderate |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23999 | Blob URLs may have been granted additional privileges | Moderate |
| Firefox 88 | CVE-2021-24000 | requestPointerLock() could be applied to a tab different from the visible tab | Moderate |
| Firefox 88 | CVE-2021-24001 | Testing code could have enabled session history manipulations by a compromised content process | Moderate |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-24002 | Arbitrary FTP command execution on FTP servers using an encoded URL | Moderate |
| Firefox 88 | CVE-2021-29944 | HTML injection vulnerability in Firefox for Android's Reader View | Low |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-29945 | Incorrect size computation in WebAssembly JIT could lead to null-reads | Moderate |
| Firefox 88, Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-29946 | Port blocking could be bypassed | Low |
| Firefox 88 | CVE-2021-29947 | Memory safety bugs fixed in Firefox 88 | High |
| Thunderbird 78.10 | CVE-2021-29948 | Race condition when reading from disk while verifying signatures | Low |
| Firefox ESR 78.10, Thunderbird 78.10 | CVE-2021-23961 | More internal network hosts could have been probed by a malicious webpage | Moderate |

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

| Patch ID | Bulletin ID | Patch Description |
| --- | --- | --- |
| 319192 | TU-027 | Mozilla Firefox (88.0) |
| 319193 | TU-027 | Mozilla Firefox (x64) (88.0) |
| 319194 | TU-054 | Mozilla Firefox ESR (78.10.0) |
| 319195 | TU-054 | Mozilla Firefox ESR (x64) (78.10.0) |
| 319199 | TU-028 | Mozilla Thunderbird (78.10.0) |
| 319200 | TU-028 | Mozilla Thunderbird (x64) (78.10.0) |

Cheers,

The ManageEngine Team