Ubuntu Security Notice 5131-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the browser UI, confuse the user, conduct phishing attacks, or execute arbitrary code. It was discovered that the 'Copy Image Link' context menu action would copy the final image URL after redirects. If a user were tricked into copying and pasting a link for an embedded image that triggered authentication flows back to the page, an attacker could potentially exploit this to steal authentication tokens. Various other issues were also addressed.
cf33f602acfdfa3ec5e7602c1c32691e14c8afcdb6ee751e6fa06c6b38e76b00==========================================================================
Ubuntu Security Notice USN-5131-1
November 03, 2021
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, bypass security
restrictions, spoof the browser UI, confuse the user, conduct phishing
attacks, or execute arbitrary code. (CVE-2021-38503, CVE-2021-38504,
CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509)
It was discovered that the 'Copy Image Link' context menu action
would copy the final image URL after redirects. If a user were tricked
into copying and pasting a link for an embedded image that triggered
authentication flows back to the page, an attacker could potentially
exploit this to steal authentication tokens.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.10:
firefox 94.0+build3-0ubuntu0.21.10.1
Ubuntu 21.04:
firefox 94.0+build3-0ubuntu0.21.04.1
Ubuntu 20.04 LTS:
firefox 94.0+build3-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
firefox 94.0+build3-0ubuntu0.18.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5131-1
CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507,
CVE-2021-38508, CVE-2021-38509
Package Information:
https://launchpad.net/ubuntu/+source/firefox/94.0+build3-0ubuntu0.21.10.1
https://launchpad.net/ubuntu/+source/firefox/94.0+build3-0ubuntu0.21.04.1
https://launchpad.net/ubuntu/+source/firefox/94.0+build3-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/firefox/94.0+build3-0ubuntu0.18.04.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed