Mozilla releases security updates for Firefox 92, Firefox ESR 91.1, Thunderbird 91, Firefox ESR 78.14, and Thunderbird 78.14

Mozilla releases security updates for Firefox 92, Firefox ESR 91.1, Thunderbird 91, Firefox ESR 78.14, and Thunderbird 78.14

Hello everyone,

Mozilla has fixed several high severity security vulnerabilities in Firefox 92, Firefox ESR 91.1, Thunderbird 91, Firefox ESR 78.14, and Thunderbird 78.14. The details of the vulnerabilities fixed are as follows:

 Platform
 CVE ID
 Vulnerability
 Impact
 Thunderbird 91
 CVE-2021-29980
 Uninitialized memory in a canvas object could have led to memory corruption
 High
 Thunderbird 91
 CVE-2021-29981
 Live range splitting could have led to conflicting assignments in the JIT
 High
 Thunderbird 91
 CVE-2021-29982
 Single bit data leak due to incorrect JIT optimization and type confusion
 Low
 Thunderbird 91
 CVE-2021-29984
 Incorrect instruction reordering during JIT optimization
 High
 Thunderbird 91
 CVE-2021-29985
 Use-after-free media channels
 Moderate
 Thunderbird 91
 CVE-2021-29986
 Race condition when resolving DNS names could have led to memory corruption
 High
 Thunderbird 91
 CVE-2021-29987
 Users could have been tricked into accepting unwanted permissions on Linux
 Moderate
 Thunderbird 91
 CVE-2021-29988
 Memory corruption as a result of incorrect style treatment
 High
 Thunderbird 91
 CVE-2021-29989
 Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
 High
 Firefox 92
 CVE-2021-29993
 Handling custom intents could lead to crashes and UI spoofs
 High
 Firefox 92
 CVE-2021-38491
 Mixed-Content-Blocking was unable to check opaque origins
 Moderate
 Firefox 92, Firefox ESR 91.1, Firefox ESR 78.14
 CVE-2021-38492
 Navigating to `mk:` URL scheme could load Internet Explorer
 Moderate
 Firefox 92, Firefox ESR 78.14, Firefox ESR 91.1
 CVE-2021-38493
 Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
 High
 Firefox 92
 CVE-2021-38494
 Memory safety bugs fixed in Firefox 92
 High
 Firefox 92, Firefox ESR 91.1
 CVE-2021-38495
 Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1
 High

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Desktop Central server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

 Patch ID
 Bulletin ID
 Patch Description
 321303
 TU-028
 Mozilla Thunderbird (78.14.0)
 321304
 TU-028
 Mozilla Thunderbird (91) (91.1.0)
 321305
 TU-028
 Mozilla Thunderbird (x64) (78.14.0)
 321306
 TU-028
 Mozilla Thunderbird (91) (x64) (91.1.0)
 321298
 TU-054
 Mozilla Firefox ESR (78.14.0)
 321299
 TU-054
 Mozilla Firefox ESR (91) (91.1.0)
 321300
 TU-054
 Mozilla Firefox ESR (x64) (78.14.0)
 321301
 TU-054
 Mozilla Firefox ESR (91) (x64) (91.1.0)
 321296
 TU-027
 Mozilla Firefox (92.0)
 321302
 TU-027
 Mozilla Firefox (x64) (92.0)

Cheers,

The ManageEngine Team