Firefox 82.0.3, Firefox 78.4.1 and Thunderbird 78.4.2 patch a critical security issue
Mozilla has released new stable versions of the Firefox web browser and the team behind the Thunderbird email client has released a new stable version to address a critical security vulnerability.
Firefox 82.0.3 and Firefox 78.4.1 ESR are already available. Firefox users may select Menu > Help > About Firefox to run a manual check for updates to download and install the new version automatically.
Thunderbird users may select Help > About Thunderbird in the client to get the new version downloaded and installed. Both menus display the current version that is installed on the system, which can be used to verify that the update is installed.
Mozilla Foundation Security Advisory 2020-49 reveals that the security issue that is fixed in the new versions of the browser and email client has received the highest severity rating critical.
It was revealed during the Tianfu Cup 2020 International Cybersecurity Contest held on November 7 and November 8, 2020. The contest is China's version of the Pwn2Own contest featuring security speeches, demonstrations, and a wide assortment of targets to be hacked.
Among the targets were all major browsers, Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox, as well as other popular applications such as Adobe PDF Reader, VMWare Workstation, Ubuntu, Apple's iPhone 11 Pro with iOS 14, Samsung's Galaxy S20, Windows 10 version 2004, and other systems.
The successful exploit of a vulnerability in Firefox brought the issue to Mozilla's attention. Thunderbird and Firefox share a codebase, and that is why Thunderbird is also affected by the vulnerability.
Mozilla's public description of the vulnerability:
CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition.
Mozilla reacted quickly and has produced a patch to fix the issue in all current versions of the Firefox web browser and Thunderbird.
Firefox and Thunderbird users should consider updating their browsers and email clients to the new version as quickly as possible.
The next stable version of Firefox will be released on November 17, 2020.Advertisement