Ubuntu Security Notice 5954-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploits this issue to cause a denial of service.
9a904798e7771b7468e2663f1514597410be79efd31e38ffa22747567f7a3706==========================================================================
Ubuntu Security Notice USN-5954-1
March 15, 2023
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-25750,
CVE-2023-25752, CVE-2023-28162, CVE-2023-28176, CVE-2023-28177)
Lukas Bernhard discovered that Firefox did not properly manage memory
when invalidating JIT code while following an iterator. An attacker could
potentially exploits this issue to cause a denial of service.
(CVE-2023-25751)
Rob Wu discovered that Firefox did not properly manage the URLs when
following a redirect to a publicly accessible web extension file. An
attacker could potentially exploits this to obtain sensitive information.
(CVE-2023-28160)
Luan Herrera discovered that Firefox did not properly manage cross-origin
iframe when dragging a URL. An attacker could potentially exploit this
issue to perform spoofing attacks. (CVE-2023-28164)
Khiem Tran discovered that Firefox did not properly manage one-time
permissions granted to a document loaded using a file: URL. An attacker
could potentially exploit this issue to use granted one-time permissions
on the local files came from different sources. (CVE-2023-28161)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
firefox 111.0+build2-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
firefox 111.0+build2-0ubuntu0.18.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-5954-1
CVE-2023-25750, CVE-2023-25751, CVE-2023-25752, CVE-2023-28160,
CVE-2023-28161, CVE-2023-28162, CVE-2023-28164, CVE-2023-28176,
CVE-2023-28177
Package Information:
https://launchpad.net/ubuntu/+source/firefox/111.0+build2-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/firefox/111.0+build2-0ubuntu0.18.04.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed