Ubuntu Security Notice USN-5434-1

Ubuntu Security Notice USN-5434-1: Posted May 24, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5434-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message.; tags | advisory, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2022-1520, CVE-2022-29909, CVE-2022-29914, CVE-2022-29916; SHA-256 | 237c5eb4eb47add7437e7b310f6d5827e420d60072cbc15d8576433f3ae3affe; Download | Favorite | View

Ubuntu Security Notice USN-5434-1

==========================================================================
Ubuntu Security Notice USN-5434-1
May 23, 2022

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Firefox could be made to execute JavaScript in a privileged context if it
opened a malicious website.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

It was discovered that the methods of an Array object could be corrupted
as a result of prototype pollution by sending a message to the parent
process. If a user were tricked into opening a specially crafted website,
an attacker could exploit this to execute JavaScript in a privileged
context.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  firefox                         100.0.2+build1-0ubuntu0.21.10.1

Ubuntu 20.04 LTS:
  firefox                         100.0.2+build1-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  firefox                         100.0.2+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5434-1
  CVE-2022-1529, CVE-2022-1802

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/100.0.2+build1-0ubuntu0.21.10.1
  https://launchpad.net/ubuntu/+source/firefox/100.0.2+build1-0ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/firefox/100.0.2+build1-0ubuntu0.18.04.1

Top Authors In Last 30 Days

Red Hat 269 files
Ubuntu 58 files
Gentoo 32 files
Debian 28 files
Apple 9 files
malvuln 6 files
Ahmet Umit Bayram 4 files
Adam Gowdiak 4 files
nu11secur1ty 4 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,619)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,770)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,499)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

Ubuntu Security Notice USN-5434-1

Ubuntu Security Notice USN-5434-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-5434-1

Share This

Ubuntu Security Notice USN-5434-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems