Mozilla releases security updates for Firefox 91 and Firefox ESR 78.13

Hello everyone,

Mozilla has fixed several high severity security vulnerabilities in Firefox 91 and Firefox ESR 78.13. The details of the vulnerabilities fixed are as follows:

Platform	CVE ID	Vulnerability	Impact
Firefox 91, Firefox ESR 78.13	CVE-2021-29980	Uninitialized memory in a canvas object could have led to memory corruption	High
Firefox 91	CVE-2021-29981	Live range splitting could have led to conflicting assignments in the JIT	High
Firefox 91	CVE-2021-29982	Single bit data leak due to incorrect JIT optimization and type confusion	Low
Firefox 91	CVE-2021-29983	Firefox for Android could get stuck in fullscreen mode	High
Firefox 91, Firefox ESR 78.13	CVE-2021-29984	Incorrect instruction reordering during JIT optimization	High
Firefox 91, Firefox ESR 78.13	CVE-2021-29985	Use-after-free media channels	Moderate
Firefox 91, Firefox ESR 78.13	CVE-2021-29986	Race condition when resolving DNS names could have led to memory corruption	High
Firefox 91	CVE-2021-29987	Users could have been tricked into accepting unwanted permissions on Linux	Moderate
Firefox 91, Firefox ESR 78.13	CVE-2021-29988	Memory corruption as a result of incorrect style treatment	High
Firefox 91, Firefox ESR 78.13	CVE-2021-29989	Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13	High
Firefox 91	CVE-2021-29990	Memory safety bugs fixed in Firefox 91	High

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

Patch ID	Bulletin ID	Patch Description
320915	TU-027	Mozilla Firefox (91.0)
320916	TU-027	Mozilla Firefox (x64) (91.0)
320917	TU-054	Mozilla Firefox ESR (78.13.0)
320918	TU-054	Mozilla Firefox ESR (x64) (78.13.0)