Mozilla patches 3 High risk vulnerabilities in Firefox 92

The Mozilla Foundation has patched three High risk vulnerabilities in Firefox 92.

An attacker could exploit these vulnerabilities to take control of impacted systems.

As part of Mozilla Foundation Security Advisory 2021-38, Firefox 92 addressed the following three High severity vulnerabilities:

  • CVE-2021-29993: Handling custom intents could lead to crashes and UI spoofs.
  • CVE-2021-38493: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1.
  • CVE-2021-38494: Memory safety bugs fixed in Firefox 92.

The first issue, CVE-2021-29993, affects only Android. The two memory safety bugs could be exploited by an attacker to run arbitrary code. In addition, two other Medium-rated vulnerabilities were also patched.

Firefox 92.0 also includes the following new features:

  • More secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers.
  • Full-range color levels are now supported for video playback on many systems.
  • Mac users can now access the macOS share options from the Firefox File menu.
  • Support for images containing ICC v4 profiles is enabled on macOS.

Finally, Mozilla also released security updates for Firefox ESR 78.14 and Thunderbird 78.14.