Security vulnerabilities fixed in Firefox 84, Firefox ESR 78.6 and Thunderbird 78.6
Hello All,
Mozilla has released security advisories for Firefox 84, Firefox ESR 78.6, Thunderbird 78.6. A series of security vulnerabilities were fixed in this update. Find the details for the same below.
CVE ID | Description | Impact |
| CVE-2020-16042 | Operations on a BigInt could have caused uninitialized memory to be exposed | Critical |
| CVE-2020-26971 | Heap buffer overflow in WebGL | High |
| CVE-2020-26972 | Use-After-Free in WebGL | High |
| CVE-2020-26973 | CSS Sanitizer performed incorrect sanitization | High |
| CVE-2020-26974 | Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free | High |
| CVE-2020-26975 | Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers | Moderate |
| CVE-2020-26976 | HTTPS pages could have been intercepted by a registered service worker when they should not have been | Moderate |
| CVE-2020-26977 | URL spoofing via unresponsive port in Firefox for Android | Moderate |
| CVE-2020-26978 | Internal network hosts could have been probed by a malicious webpage | Moderate |
| CVE-2020-26979 | When entering an address in the address or search bars, a website could have redirected the user before they were navigated to the intended url | Low |
| CVE-2020-35111 | The proxy onRequest API did not catch view-source URLs | Low |
| CVE-2020-35112 | Opening an extension-less download may have inadvertently launched an executable instead. | Low |
| CVE-2020-35113 | Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 | High |
| CVE-2020-35114 | Memory safety bugs fixed in Firefox 84 | High |
To update these using Desktop Central, initiate a synchronization between the Central Patch Repository and Desktop Central server. Search for the following Patch IDs or Bulletin IDs and deploy them. Find more detailed information about the vulnerabilities in the below links.
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/Patch ID | Bulletin ID | Patch Description |
| 317521 | TU-027 | Mozilla Firefox (84.0) |
| 317522 | TU-027 | Mozilla Firefox (x64) (84.0) |
| 317523 | TU-054 | Mozilla Firefox ESR (78.6.0) |
| 317524 | TU-054 | Mozilla Firefox ESR (x64) (78.6.0) |
| 317525 | TU-028 | Mozilla Thunderbird (78.6.0) |
| 317526 | TU-028 | Mozilla Thunderbird (x64) (78.6.0) |
Cheers,
Team ManageEngine