Mozilla releases security updates for Firefox 90 and Firefox ESR 78.12
Hello everyone,
Mozilla has fixed several high severity security vulnerabilities in Firefox 90 and Firefox ESR 78.12. The details of the vulnerabilities fixed are as follows:
| Platform | CVE ID | Vulnerability | Impact |
| Firefox 90, Firefox ESR 78.12 | CVE-2021-29970 | Use-after-free in accessibility features of a document | High |
| Firefox 90 | CVE-2021-29971 | Granted permissions only compared host; omitting scheme and port on Android | High |
| Firefox 90, Firefox ESR 78.12 | CVE-2021-30547 | Out of bounds write in ANGLE | High |
| Firefox 90 | CVE-2021-29972 | Use of out-of-date library included use-after-free vulnerability | Moderate |
| Firefox 90 | CVE-2021-29973 | Password autofill on HTTP websites was enabled without user interaction on Android | Moderate |
| Firefox 90 | CVE-2021-29974 | HSTS errors could be overridden when network partitioning was enabled | Moderate |
| Firefox 90 | CVE-2021-29975 | Text message could be overlaid on top of another website | Moderate |
| Firefox 90, Firefox ESR 78.12 | CVE-2021-29976 | Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 | High |
| Firefox 90 | CVE-2021-29977 | Memory safety bugs fixed in Firefox 90 | High |
| Patch ID | Bulletin ID | Patch Description |
| 320504 | TU-054 | Mozilla Firefox ESR (78.12.0) |
| 320505 | TU-054 | Mozilla Firefox ESR (x64) (78.12.0) |
| 320502 | TU-027 | Mozilla Firefox (90.0) |
| 320503 | TU-027 | Mozilla Firefox (x64) (90.0) |
Cheers,
The ManageEngine Team