Ubuntu Security Notice 4474-2 - USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. A data race was discovered when importing certificate information in to the trust store. An attacker could potentially exploit this to cause an unspecified impact. Various other issues were also addressed.
584112a39c0d75a49b8d4f20934eaf3084c31ce2908581ce5f37a18faf5e8871
==========================================================================
Ubuntu Security Notice USN-4474-2
September 03, 2020
firefox regressions
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-4474-1 caused some minor regressions in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various
minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, trick the user
in to installing a malicious extension, spoof the URL bar, leak sensitive
information between origins, or execute arbitrary code. (CVE-2020-15664,
CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)
A data race was discovered when importing certificate information in to
the trust store. An attacker could potentially exploit this to cause an
unspecified impact. (CVE-2020-15668)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
firefox 80.0.1+build1-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
firefox 80.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS:
firefox 80.0.1+build1-0ubuntu0.16.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
https://usn.ubuntu.com/4474-2
https://usn.ubuntu.com/4474-1
https://launchpad.net/bugs/1893021
Package Information:
https://launchpad.net/ubuntu/+source/firefox/80.0.1+build1-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/firefox/80.0.1+build1-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/firefox/80.0.1+build1-0ubuntu0.16.04.1