Mozilla releases security updates for Firefox 90 and Firefox ESR 78.12

Mozilla releases security updates for Firefox 90 and Firefox ESR 78.12

Hello everyone,
Mozilla has fixed several high severity security vulnerabilities in Firefox 90 and Firefox ESR 78.12. The details of the vulnerabilities fixed are as follows:

  Platform CVE ID Vulnerability Impact
 Firefox 90, Firefox ESR 78.12 CVE-2021-29970Use-after-free in accessibility features of a document High
 Firefox 90 CVE-2021-29971Granted permissions only compared host; omitting scheme and port on Android High
 Firefox 90, Firefox ESR 78.12 CVE-2021-30547Out of bounds write in ANGLE High
 Firefox 90 CVE-2021-29972Use of out-of-date library included use-after-free vulnerability Moderate
 Firefox 90 CVE-2021-29973Password autofill on HTTP websites was enabled without user interaction on Android Moderate
 Firefox 90 CVE-2021-29974HSTS errors could be overridden when network partitioning was enabled Moderate
 Firefox 90 CVE-2021-29975Text message could be overlaid on top of another website Moderate
 Firefox 90, Firefox ESR 78.12 CVE-2021-29976Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 High
 Firefox 90 CVE-2021-29977Memory safety bugs fixed in Firefox 90 High

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

 Patch ID Bulletin ID Patch Description
 320504 TU-054 Mozilla Firefox ESR (78.12.0)
 320505 TU-054 Mozilla Firefox ESR (x64) (78.12.0)
 320502 TU-027 Mozilla Firefox (90.0)
 320503 TU-027 Mozilla Firefox (x64) (90.0)

Cheers,

The ManageEngine Team