The Mozilla Foundation has released Firefox 88 that includes new privacy protection security fixes for five High risk vulnerabilities.
An attacker could exploit the vulnerabilities to take control of impacted systems.
The latest Firefox 88 includes a number of bug fixes, security patches and features, to include new protection against privacy leaks on the web. With Firefox 88, trackers will no longer be able to abuse the window.name property to track users across websites.
Moreover, Firefox 88 patched the following five High severity vulnerabilities as part of Mozilla Foundation Security Advisory 2021-16:
- CVE-2021-23994: Out of bound write due to lazy initialization.
- CVE-2021-23995: Use-after-free in Responsive Design Mode.
- CVE-2021-23996: Content rendered outside of webpage viewport.
- CVE-2021-23997: Use-after-free when freeing fonts from cache.
- CVE-2021-29947: Memory safety bugs.
Mozilla warned that CVE-2021-29947, CVE-2021-23995 and CVE-2021-23997 could be exploited to run arbitrary code. In addition, CVE-2021-23996 could be used in spoofing attacks that could have been used for phishing. Mozilla also patched six Moderate and two Low risk bugs.
Finally, Mozilla published new security update for Firefox ESR 78.10 and Thunderbird 78.10,