The Mozilla Foundation has released Firefox 84 that includes security fixes for one Critical and six High risk vulnerabilities.
An attacker could exploit the vulnerability to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2020-54, Firefox 84 patched one Critical BigInt vulnerability CVE-2020-16042.
According to Mozilla, “when a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read.”
Moreover, Mozilla fixed the following six High risk vulnerabilities:
- CVE-2020-26971: Heap buffer overflow in WebGL
- CVE-2020-26972: Use-After-Free in WebGL
- CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
- CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
- CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
- CVE-2020-35114: Memory safety bugs fixed in Firefox 84.
Mozilla also noted that the last two memory safety vulnerabilities could potentially be exploited to run arbitrary code.
The Firefox 84 update also addressed four Medium and three Low severity bugs.
Finally, Mozilla also addressed vulnerabilities in Firefox ESR 78.6 and Thunderbird 78.6.