Mozilla releases security updates for Firefox 92, Firefox ESR 91.1, Thunderbird 91, Firefox ESR 78.14, and Thunderbird 78.14
Hello everyone,
Mozilla has fixed several high severity security vulnerabilities in Firefox 92, Firefox ESR 91.1, Thunderbird 91, Firefox ESR 78.14, and Thunderbird 78.14. The details of the vulnerabilities fixed are as follows:| Platform | CVE ID | Vulnerability | Impact |
| Thunderbird 91 | CVE-2021-29980 | Uninitialized memory in a canvas object could have led to memory corruption | High |
| Thunderbird 91 | CVE-2021-29981 | Live range splitting could have led to conflicting assignments in the JIT | High |
| Thunderbird 91 | CVE-2021-29982 | Single bit data leak due to incorrect JIT optimization and type confusion | Low |
| Thunderbird 91 | CVE-2021-29984 | Incorrect instruction reordering during JIT optimization | High |
| Thunderbird 91 | CVE-2021-29985 | Use-after-free media channels | Moderate |
| Thunderbird 91 | CVE-2021-29986 | Race condition when resolving DNS names could have led to memory corruption | High |
| Thunderbird 91 | CVE-2021-29987 | Users could have been tricked into accepting unwanted permissions on Linux | Moderate |
| Thunderbird 91 | CVE-2021-29988 | Memory corruption as a result of incorrect style treatment | High |
| Thunderbird 91 | CVE-2021-29989 | Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 | High |
| Firefox 92 | CVE-2021-29993 | Handling custom intents could lead to crashes and UI spoofs | High |
| Firefox 92 | CVE-2021-38491 | Mixed-Content-Blocking was unable to check opaque origins | Moderate |
| Firefox 92, Firefox ESR 91.1, Firefox ESR 78.14 | CVE-2021-38492 | Navigating to `mk:` URL scheme could load Internet Explorer | Moderate |
| Firefox 92, Firefox ESR 78.14, Firefox ESR 91.1 | CVE-2021-38493 | Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 | High |
| Firefox 92 | CVE-2021-38494 | Memory safety bugs fixed in Firefox 92 | High |
| Firefox 92, Firefox ESR 91.1 | CVE-2021-38495 | Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 | High |
To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.
| Patch ID | Bulletin ID | Patch Description |
| 321303 | TU-028 | Mozilla Thunderbird (78.14.0) |
| 321304 | TU-028 | Mozilla Thunderbird (91) (91.1.0) |
| 321305 | TU-028 | Mozilla Thunderbird (x64) (78.14.0) |
| 321306 | TU-028 | Mozilla Thunderbird (91) (x64) (91.1.0) |
| 321298 | TU-054 | Mozilla Firefox ESR (78.14.0) |
| 321299 | TU-054 | Mozilla Firefox ESR (91) (91.1.0) |
| 321300 | TU-054 | Mozilla Firefox ESR (x64) (78.14.0) |
| 321301 | TU-054 | Mozilla Firefox ESR (91) (x64) (91.1.0) |
| 321296 | TU-027 | Mozilla Firefox (92.0) |
| 321302 | TU-027 | Mozilla Firefox (x64) (92.0) |
Cheers,
The ManageEngine Team