Mozilla releases security updates for Firefox 95, Firefox ESR 91.4.0, and Thunderbird 91.4.0

Hello everyone,

Mozilla has fixed several high-severity security vulnerabilities in Firefox 95, Firefox ESR 91.4.0, and Thunderbird 91.4.0. The details of the vulnerabilities fixed are as follows:

Platform | CVE ID | Vulnerability | Impact
Thunderbird 91.4.0 | CVE-2021-43528 | JavaScript unexpectedly enabled for the composition area | Low
Firefox 95, Firefox ESR 91.4.0, Thunderbird 91.4.0 | CVE-2021-43536 | URL leakage when navigating while executing asynchronous function | High
Firefox 95, Firefox ESR 91.4.0, Thunderbird 91.4.0 | CVE-2021-43537 | Heap buffer overflow when using structured clone | High
Firefox 95, Firefox ESR 91.4.0, Thunderbird 91.4.0 | CVE-2021-43538 | Missing fullscreen and pointer lock notification when requesting both | High
Firefox 95, Firefox ESR 91.4.0, Thunderbird 91.4.0 | CVE-2021-43539 | GC rooting failure when calling wasm instance methods | High
Firefox 95 | CVE-2021-43540 | WebExtensions could have installed persistent ServiceWorkers | Moderate
Firefox 95, Firefox ESR 91.4.0, Thunderbird 91.4.0 | CVE-2021-43541 | External protocol handler parameters were unescaped | Moderate
Firefox 95, Firefox ESR 91.4.0, Thunderbird 91.4.0 | CVE-2021-43542 | XMLHttpRequest error codes could have leaked the existence of an external protocol handler | Moderate
Firefox 95, Firefox ESR 91.4.0, Thunderbird 91.4.0 | CVE-2021-43543 | Bypass of CSP sandbox directive when embedding | Moderate
Firefox 95 | CVE-2021-43544 | Universal XSS in Firefox for Android via QR Code URLs | High
Firefox 95, Firefox ESR 91.4.0, Thunderbird 91.4.0 | CVE-2021-43545 | Denial of Service when using the Location API in a loop | Low
Firefox 95, Firefox ESR 91.4.0, Thunderbird 91.4.0 | CVE-2021-43546 | Cursor spoofing could overlay user interface when native cursor is zoomed | Low
Firefox 95, Firefox ESR 91.4.0, Thunderbird 91.4.0 | MOZ-2021-0009 | Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4, Thunderbird 91.4.0 | High
Firefox 95 | MOZ-2021-0010 | Use-after-free in fullscreen objects on MacOS | High

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

Patch ID | Bulletin ID | Patch Description
322722 | TU-027 | Mozilla Firefox (95.0)
322723 | TU-027 | Mozilla Firefox (x64) (95.0)
322724 | TU-054 | Mozilla Firefox ESR (91) (91.4.0)
322727 | TU-054 | Mozilla Firefox ESR (91) (x64) (91.4.0)
322726 | TU-028 | Mozilla Thunderbird (91) (x64) (91.4.0)
322725 | TU-028 | Mozilla Thunderbird (91) (91.4.0)


Cheers,
The ManageEngine Team