On Tuesday, Mozilla updated its Thunderbird email client as well as the regular and ESR (Extended Support Release) versions of its Firefox web browser. Thunderbird and Firefox ESR are now in version 78. 6, the regular Firefox version 84 .

The security gaps that were closed hardly varied: All three programs were uniformly against one classified as critical and at least four gaps each secured with “high” classification. Some problems with the “Moderate” and “Low” risk ratings have also been fixed. The Tor Browser received an update to 10. 0.7 , which among other things which includes fixes from the Firefox ESR base of the anonymizing browser.

Reading of information and arbitrary code execution About the closed critical security hole with the ID CVE – 2020 – 16042 attackers could have read data from non-initialized memory under certain conditions. The four “high” gaps, which were uniformly eliminated from all Mozilla products, allowed, among other things, the execution of any program code, the provoking of exploitable program crashes and the circumvention of security mechanisms.

Details, also on the extra Updates in Firefox 84 compared to the ESR variant and the e-mail client can be found in Mozilla’s advisories:

Security Vulnerabilities fixed in Thunderbird 78. 6 Security Vulnerabilities fixed in Firefox ESR 78. 6 Security Vulnerabilities fixed in Firefox 84 Information about Tor Browser and Firefox 84 The new features of the Tor Browser are described in a blog entry about the version 10. 0.7. As previously announced, the desktop version (Windows, Linux, macOS) and the Android version were published at the same time this time. Tor Browser 10 0.7 can be downloaded from the official download site and from the Distribution Directory.

We have dedicated a separate article to the new features contained in Firefox beyond the security fixes – including native M1 support and faster rendering pipeline for Linux -:

The Tor Browser: Surf the Darknet uncensored (heise tips + tricks) (ovw)