[German]Mozilla developers have released version 84.0.2 and 78.6.1 ESR of the Firefox browser on January 6, 2021. These are security updates for the browser. Here is an overview of the updates.
The release notes mention only one security fix, which is described here. In older versions of the browser, there is a use-after-free write vulnerability (CVE-2020-16044) in the handling of a malicious COOKIE-ECHO SCTP chunk. A malicious peer could have modified a COOKIE-ECHO chunk in an SCTP packet in a way that could potentially lead to a use-after-free error. The developers suspect that with enough effort, this could have been exploited to execute arbitrary code.
Firefox 78.6.1 esr
An update to Firefox 78.6.1 esr with one year of long-term support was also provided with the same vulnerability fixed. Firefox 84.0.2 and 78.6.1 esr can be downloaded from this web page (choose the variant from the list boxes shown). The updates are also available for direct download.
Cookies helps to fund this blog: Cookie settings