Mozilla releases security updates for Firefox 89 and Firefox ESR 78.11

Mozilla releases security updates for Firefox 89 and Firefox ESR 78.11

Hello everyone,

Mozilla has fixed several security vulnerabilities in  Firefox 89 and Firefox ESR 78.11. The details of the vulnerabilities fixed are as follows:

 Platform
 CVE ID
 Vulnerability
 Impact
 Firefox 89
 CVE-2021-29959
 Devices could be re-enabled without additional permission prompt
 Low
 Firefox 89
 CVE-2021-29960
 Filenames printed from private browsing mode incorrectly retained in preferences
 Moderate
 Firefox 89
 CVE-2021-29961
 Firefox UI spoof using `<select>` elements and CSS scaling
 Moderate
 Firefox 89
 CVE-2021-29962 
 No rate-limiting for popups on Firefox for Android
 Low
 Firefox 89
 CVE-2021-29963
 Shared cookies for search suggestions in private browsing mode
 Moderate
 Firefox 89, Firefox ESR 78.11
 CVE-2021-29964
 Out of bounds-read when parsing a `WM_COPYDATA` message
 Moderate
 Firefox 89
 CVE-2021-29965
 Password Manager on Firefox for Android susceptible to domain spoofing
 High
 Firefox 89
 CVE-2021-29966
 Memory safety bugs fixed in Firefox 89
 Moderate
 Firefox 89, Firefox ESR 78.11 
 CVE-2021-29967
 Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
 High

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Desktop Central server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

 Patch ID
 Bulletin ID
 Patch Description
 319855
 TU-027
 Mozilla Firefox (89.0)
 319856
 TU-027
 Mozilla Firefox (x64) (89.0)
 319857
 TU-054
 Mozilla Firefox ESR (78.11.0)
 319858
 TU-054
 Mozilla Firefox ESR (x64) (78.11.0)

Cheers,

The ManageEngine Team