Mozilla releases security updates for Firefox 90 and Firefox ESR 78.12

Mozilla releases security updates for Firefox 90 and Firefox ESR 78.12

Hello everyone,
Mozilla has fixed several high severity security vulnerabilities in Firefox 90 and Firefox ESR 78.12. The details of the vulnerabilities fixed are as follows:

  Platform
 CVE ID
 Vulnerability
 Impact
 Firefox 90, Firefox ESR 78.12
 CVE-2021-29970
Use-after-free in accessibility features of a document
 High
 Firefox 90
 CVE-2021-29971
Granted permissions only compared host; omitting scheme and port on Android
 High
 Firefox 90, Firefox ESR 78.12
 CVE-2021-30547
Out of bounds write in ANGLE
 High
 Firefox 90
 CVE-2021-29972
Use of out-of-date library included use-after-free vulnerability
 Moderate
 Firefox 90
 CVE-2021-29973
Password autofill on HTTP websites was enabled without user interaction on Android
 Moderate
 Firefox 90
 CVE-2021-29974
HSTS errors could be overridden when network partitioning was enabled
 Moderate
 Firefox 90
 CVE-2021-29975
Text message could be overlaid on top of another website
 Moderate
 Firefox 90, Firefox ESR 78.12
 CVE-2021-29976
Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
 High
 Firefox 90
 CVE-2021-29977
Memory safety bugs fixed in Firefox 90
 High

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Desktop Central server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

 Patch ID
 Bulletin ID
 Patch Description
 320504
 TU-054
 Mozilla Firefox ESR (78.12.0)
 320505
 TU-054
 Mozilla Firefox ESR (x64) (78.12.0)
 320502
 TU-027
 Mozilla Firefox (90.0)
 320503
 TU-027
 Mozilla Firefox (x64) (90.0)

Cheers,

The ManageEngine Team