The Mozilla Foundation has released Firefox 85 that includes security fixes for five High risk vulnerabilities.
An attacker could exploit the vulnerability to take control of impacted systems.
The latest Firefox 85 includes a number of bug fixes, security patches and features, to include new protections from supercookies. Firefox can now isolate hidden supercookies and prevent them from tracking your web browsing online.
Moreover, Firefox 85 patched the following five High severity vulnerabilities as part of Mozilla Foundation Security Advisory 2021-03:
- CVE-2021-23953: Cross-origin information leakage via redirected PDF requests.
- CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements.
- CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock.
- CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7.
- CVE-2021-23965: Memory safety bugs fixed in Firefox 85.
Mozilla warned that CVE-2021-23954 could lead to memory corruption and a potentially exploitable crash.
Mozilla also noted that the last two memory safety vulnerabilities could potentially be exploited to run arbitrary code.
The Firefox 84 update also addressed six Medium and two Low severity bugs.
Finally, Mozilla also addressed vulnerabilities in Firefox ESR 78.7 and Thunderbird 78.7.