Ubuntu Security Notice 4474-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. Various other issues were also addressed.
9c3f9b8a995f19fc2e46e69b42485c8da02e85dd0a8cc8530e25b865bb07d168==========================================================================
Ubuntu Security Notice USN-4474-1
August 26, 2020
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, trick the user
in to installing a malicious extension, spoof the URL bar, leak sensitive
information between origins, or execute arbitrary code. (CVE-2020-15664,
CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)
A data race was discovered when importing certificate information in to
the trust store. An attacker could potentially exploit this to cause an
unspecified impact. (CVE-2020-15668)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
firefox 80.0+build2-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
firefox 80.0+build2-0ubuntu0.18.04.1
Ubuntu 16.04 LTS:
firefox 80.0+build2-0ubuntu0.16.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
https://usn.ubuntu.com/4474-1
CVE-2020-12400, CVE-2020-12401, CVE-2020-15664, CVE-2020-15665,
CVE-2020-15666, CVE-2020-15668, CVE-2020-15670, CVE-2020-6829
Package Information:
https://launchpad.net/ubuntu/+source/firefox/80.0+build2-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/firefox/80.0+build2-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/firefox/80.0+build2-0ubuntu0.16.04.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed