Mozilla has patched vulnerabilities in Firefox, Firefox ESR and Thunderbird that if exploited, could allow an attacker to take control of an affected system.
CVE-2021-23969 – Content Security Policy violation report could have contained the destination of a redirect
CVE-2021-23970 – Multithreaded WASM triggered assertions validating separation of script domains
CVE-2021-23968 – Content Security Policy violation report could have contained the destination of a redirect
CVE-2021-23978 – Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
CVE-2021-23979 – Memory safety bugs fixed in Firefox 86
4 additional moderate impact and 3 low impact security issues were also addressed.
The latest version of Firefox, including Firefox ESR can be downloaded here.
The latest version of Thunderbird can be found here.