Mozilla has released security updates to fix vulnerabilities in Firefox, Firefox ESR, and Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Mozilla has fixed the CVE-2021-23981 vulnerability in Firefox 87, which had a high impact. The vulnerability is exploited after texture loading of a pixel buffer object, WebGL code bypassing binding the buffer used to unpack, resulting in memory corruption and a possible information leak or crash.
Fixed the CVE-2021-23982 vulnerability in Mozilla Firefox ESR 78.9. MOZ-2021-0002: Angle chart library needs to be updated. Mozilla developers Alexis Beingessner, Tyson Smith, Julien Wajsberg, and Matthew Gregan announced memory security bugs found in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and said that with enough effort, some of them could be used to run arbitrary code.
Fixed the CVE-2021-23987 vulnerability in Mozilla, Thunderbird 78.9. Thunderbird released a vulnerability in 78.9 that fixes memory security bugs, this vulnerability cannot be exploited via email in Thunderbird because scripting is disabled when reading mail, but potentially risky in browser or browser-like contexts.
Source:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23981
https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.