Security vulnerabilities fixed in Firefox 84, Firefox ESR 78.6 and Thunderbird 78.6

Security vulnerabilities fixed in Firefox 84, Firefox ESR 78.6 and Thunderbird 78.6

Hello All,

 

Mozilla has released security advisories for Firefox 84, Firefox ESR 78.6, Thunderbird 78.6. A series of security vulnerabilities were fixed in this update. Find the details for the same below.


CVE ID
Description
Impact
CVE-2020-16042 
Operations on a BigInt could have caused uninitialized memory to be exposed
Critical
CVE-2020-26971
Heap buffer overflow in WebGL
High
CVE-2020-26972 
Use-After-Free in WebGL
High
CVE-2020-26973 
CSS Sanitizer performed incorrect sanitization
High
CVE-2020-26974
Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
High
CVE-2020-26975
Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers
Moderate
CVE-2020-26976 
HTTPS pages could have been intercepted by a registered service worker when they should not have been
Moderate
CVE-2020-26977 
URL spoofing via unresponsive port in Firefox for Android
Moderate
CVE-2020-26978 
Internal network hosts could have been probed by a malicious webpage
Moderate
CVE-2020-26979 
When entering an address in the address or search bars, a website could have redirected the user before they were navigated to the intended url
Low
CVE-2020-35111 
The proxy onRequest API did not catch view-source URLs
Low
CVE-2020-35112   
Opening an extension-less download may have inadvertently launched an executable instead.
Low
CVE-2020-35113 
Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
High
CVE-2020-35114 
Memory safety bugs fixed in Firefox 84
High

To update these using Patch Manager Plus, initiate a synchronization between the Central Patch Repository and Patch Manager Plus server. Search for the following Patch IDs or Bulletin IDs and deploy them. Find more detailed information about the vulnerabilities in the below links.

 

https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/

https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/

https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/


Patch ID
Bulletin ID
Patch Description
317521
TU-027
Mozilla Firefox (84.0)
317522
TU-027
Mozilla Firefox (x64) (84.0)
317523
TU-054
Mozilla Firefox ESR (78.6.0)
317524
TU-054
Mozilla Firefox ESR (x64) (78.6.0)
317525
TU-028
Mozilla Thunderbird (78.6.0)
317526
TU-028
Mozilla Thunderbird (x64) (78.6.0)

Cheers,

Team ManageEngine

                New to ADSelfService Plus?