Mozilla releases security updates for Firefox 92, Firefox ESR 91.1, Thunderbird 91, Firefox ESR 78.14, and Thunderbird 78.14

Mozilla releases security updates for Firefox 92, Firefox ESR 91.1, Thunderbird 91, Firefox ESR 78.14, and Thunderbird 78.14

Hello everyone,

Mozilla has fixed several high severity security vulnerabilities in Firefox 92, Firefox ESR 91.1, Thunderbird 91, Firefox ESR 78.14, and Thunderbird 78.14. The details of the vulnerabilities fixed are as follows:

 Platform CVE ID Vulnerability Impact
 Thunderbird 91 CVE-2021-29980 Uninitialized memory in a canvas object could have led to memory corruption High
 Thunderbird 91 CVE-2021-29981 Live range splitting could have led to conflicting assignments in the JIT High
 Thunderbird 91 CVE-2021-29982 Single bit data leak due to incorrect JIT optimization and type confusion Low
 Thunderbird 91 CVE-2021-29984 Incorrect instruction reordering during JIT optimization High
 Thunderbird 91 CVE-2021-29985 Use-after-free media channels Moderate
 Thunderbird 91 CVE-2021-29986 Race condition when resolving DNS names could have led to memory corruption High
 Thunderbird 91 CVE-2021-29987 Users could have been tricked into accepting unwanted permissions on Linux Moderate
 Thunderbird 91 CVE-2021-29988 Memory corruption as a result of incorrect style treatment High
 Thunderbird 91 CVE-2021-29989 Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 High
 Firefox 92 CVE-2021-29993 Handling custom intents could lead to crashes and UI spoofs High
 Firefox 92 CVE-2021-38491 Mixed-Content-Blocking was unable to check opaque origins Moderate
 Firefox 92, Firefox ESR 91.1, Firefox ESR 78.14 CVE-2021-38492 Navigating to `mk:` URL scheme could load Internet Explorer Moderate
 Firefox 92, Firefox ESR 78.14, Firefox ESR 91.1 CVE-2021-38493 Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 High
 Firefox 92 CVE-2021-38494 Memory safety bugs fixed in Firefox 92 High
 Firefox 92, Firefox ESR 91.1 CVE-2021-38495 Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 High

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

 Patch ID Bulletin ID Patch Description
 321303 TU-028 Mozilla Thunderbird (78.14.0)
 321304 TU-028 Mozilla Thunderbird (91) (91.1.0)
 321305 TU-028 Mozilla Thunderbird (x64) (78.14.0)
 321306 TU-028 Mozilla Thunderbird (91) (x64) (91.1.0)
 321298 TU-054 Mozilla Firefox ESR (78.14.0)
 321299 TU-054 Mozilla Firefox ESR (91) (91.1.0)
 321300 TU-054 Mozilla Firefox ESR (x64) (78.14.0)
 321301 TU-054 Mozilla Firefox ESR (91) (x64) (91.1.0)
 321296 TU-027 Mozilla Firefox (92.0)
 321302 TU-027 Mozilla Firefox (x64) (92.0)

Cheers,

The ManageEngine Team