Since Tuesday (June 1st, 2021), new versions of the Firefox browser have been available: Firefox 89 and the Extended Support Release (ESR) 78.11.0. With these releases the developers also fixed a handful of vulnerabilities in the code, two of which are rated “High”. The others pose a low to medium security risk.
The “High” vulnerability CVE-2021-29967 has been fixed in both browser versions. According to Mozilla’s description, the entry covers memory safety bugs, some of which have the potential to cause memory errors. These in turn could be exploited “with sufficient effort” to execute arbitrary (harmful) code.
Firefox 89 was also secured against CVE-2021-29965, a vulnerability likewise rated “High” that should affect only the browser variant for the Android mobile operating system. According to the description, it is located in the browser’s password manager and could be misused to elicit suggestions of passwords stored for trustworthy sites in the context of a malicious website prepared by an attacker.