We are supported by readers, when you click & purchase through links on our site we earn affiliate commission. Learn more.

Firefox updates close numerous security holes

The developers of the Mozilla Foundation have released security updates for their web browser. This closes 13 security holes in Firefox 94 and ten in ESR version 91.3. According to the programmers’ assessment, seven of the vulnerabilities represent a high security risk, four a moderate and two a low security risk.

The most serious problem affects both previous versions equally and was buried in the memory management (internal designation MOZ-2021-0007). Errors in it could, with enough effort, most likely be exploited to execute injected code. Among the sealed security leaks, there is still a weak point in the rules of the iframe sandbox (CVE-2021-38503). Attackers could handle manipulated XSLT stylesheets and thus execute scripts or break out onto the main frame.

Another error was introduced by new operating system features: The Windows 10 cloud clipboard first copies everything in the clipboard to synchronize with other devices on Microsoft’s cloud server. By marking such copied content, software can protect sensitive data from this further dissemination. The Firefox developers have now added this (CVE-2021-38505). Furthermore, the file selection dialog could lead to a program crash (CVE-2021-38504). The other closed security gaps could be misused for phishing attacks or cross-site scripting, for example.

Firefox users should check whether they are already using the latest version. The easiest way to do this is to click on the “Hamburger Menu” in the top right corner and select “Help” – “About Firefox”. If the version is not up-to-date, the updated version is downloaded.

The old ESR variant 78 is loud Release calendar from the manufacturer no longer updated. Switching to the newer versions is therefore strongly recommended.

The Mozilla Foundation’s advisories provide more detailed information:

(dmk)

To home page