Mozilla releases security updates for Firefox 89 and Firefox ESR 78.11
Hello everyone,
Mozilla has fixed several security vulnerabilities in Firefox 89 and Firefox ESR 78.11. The details of the vulnerabilities fixed are as follows:| Platform | CVE ID | Vulnerability | Impact |
| Firefox 89 | CVE-2021-29959 | Devices could be re-enabled without additional permission prompt | Low |
| Firefox 89 | CVE-2021-29960 | Filenames printed from private browsing mode incorrectly retained in preferences | Moderate |
| Firefox 89 | CVE-2021-29961 | Firefox UI spoof using `<select>` elements and CSS scaling | Moderate |
| Firefox 89 | CVE-2021-29962 | No rate-limiting for popups on Firefox for Android | Low |
| Firefox 89 | CVE-2021-29963 | Shared cookies for search suggestions in private browsing mode | Moderate |
| Firefox 89, Firefox ESR 78.11 | CVE-2021-29964 | Out of bounds-read when parsing a `WM_COPYDATA` message | Moderate |
| Firefox 89 | CVE-2021-29965 | Password Manager on Firefox for Android susceptible to domain spoofing | High |
| Firefox 89 | CVE-2021-29966 | Memory safety bugs fixed in Firefox 89 | Moderate |
| Firefox 89, Firefox ESR 78.11 | CVE-2021-29967 | Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 | High |
To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.
| Patch ID | Bulletin ID | Patch Description |
| 319855 | TU-027 | Mozilla Firefox (89.0) |
| 319856 | TU-027 | Mozilla Firefox (x64) (89.0) |
| 319857 | TU-054 | Mozilla Firefox ESR (78.11.0) |
| 319858 | TU-054 | Mozilla Firefox ESR (x64) (78.11.0) |
Cheers,
The ManageEngine Team