The Mozilla Foundation has released Firefox 89 that includes new privacy protections and security fixes for nine vulnerabilities, two rated High severity.
An attacker could exploit the vulnerabilities to take control of impacted systems.
The latest Firefox 89 includes a number of bug fixes, security patches and features, to include new Total Cookie Protection, that “confines cookies to the site where they were created, preventing companies from using cookies to track your browsing across sites.”
As part of Mozilla Foundation Security Advisory 2021-23, Firefox 89 includes fixes for two High severity vulnerabilities:
- CVE-2021-29965: Password Manager on Firefox for Android susceptible to domain spoofing.
- CVE-2021-29967: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11.
Mozilla warned that CVE-2021-29967 could be exploited to run arbitrary code. In addition, CVE-2021-29965 could be used in spoofing attacks that could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog.
Moreover, Mozilla fixed five Medium and two Low risk bugs in the latest Firefox 89 release.
Finally, Mozilla published new security update Firefox ESR 78.11.