Hello everyone,
Mozilla has fixed several high-severity security vulnerabilities in Firefox 94, Firefox ESR 91.3, and Thunderbird 91.3. The details of the vulnerabilities fixed are as follows:

Platform | CVE ID | Vulnerability | Impact |
Firefox 94, Firefox ESR 91.3, Thunderbird 91.3 | CVE-2021-38503 | iframe sandbox rules did not apply to XSLT stylesheets | High |
Firefox 94, Firefox ESR 91.3, Thunderbird 91.3 | CVE-2021-38504 | Use-after-free in file picker dialog | High |
Firefox 94, Firefox ESR 91.3, Thunderbird 91.3 | CVE-2021-38505 | Windows 10 Cloud Clipboard may have recorded sensitive user data | High |
Firefox 94, Firefox ESR 91.3, Thunderbird 91.3 | CVE-2021-38506 | Firefox could be coaxed into going into fullscreen mode without notification or warning | High |
Firefox 94, Firefox ESR 91.3, Thunderbird 91.3 | CVE-2021-38507 | Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports | High |
Firefox 94, Firefox ESR 91.3, Thunderbird 91.3 | CVE-2021-38508 | Permission Prompt could be overlaid, resulting in user confusion and potential spoofing | Moderate |
Firefox 94, Firefox ESR 91.3, Thunderbird 91.3 | CVE-2021-38509 | Javascript alert box could have been spoofed onto an arbitrary domain | Moderate |
Firefox 94, Firefox ESR 91.3, Thunderbird 91.3 | CVE-2021-38510 | Download Protections were bypassed by .inetloc files on Mac OS | Moderate |
Firefox 94 | MOZ-2021-0003 | Universal XSS in Firefox for Android via QR Code URLs | High |
Firefox 94 | MOZ-2021-0004 | Web Extensions could access pre-redirect URL when their context menu was triggered by a user | Moderate |
Firefox 94 | MOZ-2021-0005 | 'Copy Image Link' context menu action could have been abused to see authentication tokens | Low |
Firefox 94 | MOZ-2021-0006 | URL Parsing may incorrectly parse internationalized domains | Low |
Firefox 94, Firefox ESR 91.3, Thunderbird 91.3 | MOZ-2021-0007 | Memory safety bugs fixed in Firefox 94, Firefox ESR 91.3, Thunderbird 91.3 | High |
Firefox ESR 91.3, Thunderbird 91.3 | MOZ-2021-0008 | Use-after-free in HTTP2 Session object | High |

Patch ID | Bulletin ID | Patch Description |
322240 | TU-054 | Mozilla Firefox ESR (91) (x64) (91.3.0) |
322239 | TU-054 | Mozilla Firefox ESR (91) (91.3.0) |
322237 | TU-027 | Mozilla Firefox (94.0) |
322238 | TU-027 | Mozilla Firefox (x64) (94.0) |
322244 | TU-028 | Mozilla Thunderbird (91) (91.3.0) |
322245 | TU-028 | Mozilla Thunderbird (91) (x64) (91.3.0) |

Cheers,
The ManageEngine Team