what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-5954-1

Ubuntu Security Notice USN-5954-1
Posted Mar 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5954-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploits this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-25750, CVE-2023-25751, CVE-2023-25752, CVE-2023-28160, CVE-2023-28161, CVE-2023-28162, CVE-2023-28164, CVE-2023-28177
SHA-256 | 9a904798e7771b7468e2663f1514597410be79efd31e38ffa22747567f7a3706

Ubuntu Security Notice USN-5954-1

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-5954-1
March 15, 2023

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-25750,
CVE-2023-25752, CVE-2023-28162, CVE-2023-28176, CVE-2023-28177)

Lukas Bernhard discovered that Firefox did not properly manage memory
when invalidating JIT code while following an iterator. An attacker could
potentially exploits this issue to cause a denial of service.
(CVE-2023-25751)

Rob Wu discovered that Firefox did not properly manage the URLs when
following a redirect to a publicly accessible web extension file. An
attacker could potentially exploits this to obtain sensitive information.
(CVE-2023-28160)

Luan Herrera discovered that Firefox did not properly manage cross-origin
iframe when dragging a URL. An attacker could potentially exploit this
issue to perform spoofing attacks. (CVE-2023-28164)

Khiem Tran discovered that Firefox did not properly manage one-time
permissions granted to a document loaded using a file: URL. An attacker
could potentially exploit this issue to use granted one-time permissions
on the local files came from different sources. (CVE-2023-28161)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
firefox 111.0+build2-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
firefox 111.0+build2-0ubuntu0.18.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-5954-1
CVE-2023-25750, CVE-2023-25751, CVE-2023-25752, CVE-2023-28160,
CVE-2023-28161, CVE-2023-28162, CVE-2023-28164, CVE-2023-28176,
CVE-2023-28177

Package Information:
https://launchpad.net/ubuntu/+source/firefox/111.0+build2-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/firefox/111.0+build2-0ubuntu0.18.04.1
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close