Firefox 88.0.1

Mozilla Firefox has been updated to version 88.0.1. This update first rolled out to the Release channel on May 5. It comes with the following fixes:

  • Resolved an issue caused by a recent Widevine plugin update which prevented some purchased video content from playing correctly (bug 1705138)
  • Fixed corruption of videos playing on Twitter or WebRTC calls on some Gen6 Intel graphics chipsets (bug 1708937)
  • Fixed menulists in Preferences being unreadable for users with High Contrast Mode enabled (bug 1706496)
  • Various stability and security fixes.

Here are the security changes:

CVE-2021-29953: Universal Cross-Site Scripting:

A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability.

Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.

CVE-2021-29952: Race condition in Web Render Components:

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code.

The same security updates have also rolled out to the Firefox Android browser.

The Firefox browser should update automatically the next time you open the browser. However, you can also download the update and install  it manually. Those who have the browser open already can open Firefox and navigate to Settings > Help > About Firefox and then check for the update from there.

Related Articles