Security vulnerabilities fixed in Firefox 84, Firefox ESR 78.6 and Thunderbird 78.6

Security vulnerabilities fixed in Firefox 84, Firefox ESR 78.6 and Thunderbird 78.6

Hello All,

 

Mozilla has released security advisories for Firefox 84, Firefox ESR 78.6, Thunderbird 78.6. A series of security vulnerabilities were fixed in this update. Find the details for the same below.


CVE ID
Description
Impact
CVE-2020-16042 Operations on a BigInt could have caused uninitialized memory to be exposedCritical
CVE-2020-26971Heap buffer overflow in WebGLHigh
CVE-2020-26972 Use-After-Free in WebGLHigh
CVE-2020-26973 CSS Sanitizer performed incorrect sanitizationHigh
CVE-2020-26974Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-freeHigh
CVE-2020-26975Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headersModerate
CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have beenModerate
CVE-2020-26977 URL spoofing via unresponsive port in Firefox for AndroidModerate
CVE-2020-26978 Internal network hosts could have been probed by a malicious webpageModerate
CVE-2020-26979 When entering an address in the address or search bars, a website could have redirected the user before they were navigated to the intended urlLow
CVE-2020-35111 The proxy onRequest API did not catch view-source URLsLow
CVE-2020-35112   Opening an extension-less download may have inadvertently launched an executable instead.Low
CVE-2020-35113 Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6High
CVE-2020-35114 Memory safety bugs fixed in Firefox 84High

To update these using Vulnerability Manager Plus, initiate a synchronization between the Central Patch Repository and Vulnerability Manager Plus server. Search for the following Patch IDs or Bulletin IDs and deploy them. Find more detailed information about the vulnerabilities in the below links.

 

https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/

https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/

https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/


Patch ID
Bulletin ID
Patch Description
317521TU-027Mozilla Firefox (84.0)
317522TU-027Mozilla Firefox (x64) (84.0)
317523TU-054Mozilla Firefox ESR (78.6.0)
317524TU-054Mozilla Firefox ESR (x64) (78.6.0)
317525TU-028Mozilla Thunderbird (78.6.0)
317526TU-028Mozilla Thunderbird (x64) (78.6.0)

Cheers,

Team ManageEngine