The Mozilla Foundation has patched three High risk vulnerabilities in Firefox 92.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2021-38, Firefox 92 addressed the following three High severity vulnerabilities:
- CVE-2021-29993: Handling custom intents could lead to crashes and UI spoofs.
- CVE-2021-38493: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1.
- CVE-2021-38494: Memory safety bugs fixed in Firefox 92.
The first issue, CVE-2021-29993, affects only Android. The two memory safety bugs could allow an attacker to run arbitrary code. In addition, two other Medium-rated vulnerabilities were patched.
Firefox 92.0 also includes the following new features:
- More secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers.
- Full-range color levels are now supported for video playback on many systems.
- Mac users can now access the macOS share options from the Firefox File menu.
- Support for images containing ICC v4 profiles is enabled on macOS.
Finally, Mozilla also released security updates for Firefox ESR 78.14 and Thunderbird 78.14.