Mozilla releases security updates for Firefox 90 and Firefox ESR 78.12

Hello everyone,

Mozilla has fixed several high severity security vulnerabilities in Firefox 90 and Firefox ESR 78.12. The details of the vulnerabilities fixed are as follows:

Platform	CVE ID	Vulnerability	Impact
Firefox 90, Firefox ESR 78.12	CVE-2021-29970	Use-after-free in accessibility features of a document	High
Firefox 90	CVE-2021-29971	Granted permissions only compared host; omitting scheme and port on Android	High
Firefox 90, Firefox ESR 78.12	CVE-2021-30547	Out of bounds write in ANGLE	High
Firefox 90	CVE-2021-29972	Use of out-of-date library included use-after-free vulnerability	Moderate
Firefox 90	CVE-2021-29973	Password autofill on HTTP websites was enabled without user interaction on Android	Moderate
Firefox 90	CVE-2021-29974	HSTS errors could be overridden when network partitioning was enabled	Moderate
Firefox 90	CVE-2021-29975	Text message could be overlaid on top of another website	Moderate
Firefox 90, Firefox ESR 78.12	CVE-2021-29976	Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12	High
Firefox 90	CVE-2021-29977	Memory safety bugs fixed in Firefox 90	High

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Desktop Central server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

Patch ID	Bulletin ID	Patch Description
320504	TU-054	Mozilla Firefox ESR (78.12.0)
320505	TU-054	Mozilla Firefox ESR (x64) (78.12.0)
320502	TU-027	Mozilla Firefox (90.0)
320503	TU-027	Mozilla Firefox (x64) (90.0)