Ubuntu Security Notice 5954-2 - USN-5954-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploits this issue to cause a denial of service. Rob Wu discovered that Firefox did not properly manage the URLs when following a redirect to a publicly accessible web extension file. An attacker could potentially exploits this to obtain sensitive information. Luan Herrera discovered that Firefox did not properly manage cross-origin iframe when dragging a URL. An attacker could potentially exploit this issue to perform spoofing attacks. Khiem Tran discovered that Firefox did not properly manage one-time permissions granted to a document loaded using a file: URL. An attacker could potentially exploit this issue to use granted one-time permissions on the local files came from different sources.
7ead7bb25c8c04a52256d67d583dcbfffb6725d38ac5236d51297e2bc3a0492a==========================================================================
Ubuntu Security Notice USN-5954-2
March 27, 2023
firefox regressions
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-5954-1 caused some minor regressions in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
USN-5954-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-25750,
CVE-2023-25752, CVE-2023-28162, CVE-2023-28176, CVE-2023-28177)
Lukas Bernhard discovered that Firefox did not properly manage memory
when invalidating JIT code while following an iterator. An attacker could
potentially exploits this issue to cause a denial of service.
(CVE-2023-25751)
Rob Wu discovered that Firefox did not properly manage the URLs when
following a redirect to a publicly accessible web extension file. An
attacker could potentially exploits this to obtain sensitive information.
(CVE-2023-28160)
Luan Herrera discovered that Firefox did not properly manage cross-origin
iframe when dragging a URL. An attacker could potentially exploit this
issue to perform spoofing attacks. (CVE-2023-28164)
Khiem Tran discovered that Firefox did not properly manage one-time
permissions granted to a document loaded using a file: URL. An attacker
could potentially exploit this issue to use granted one-time permissions
on the local files came from different sources. (CVE-2023-28161)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
firefox 111.0.1+build2-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
firefox 111.0.1+build2-0ubuntu0.18.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-5954-2
https://ubuntu.com/security/notices/USN-5954-1
https://launchpad.net/bugs/2012696
Package Information:
https://launchpad.net/ubuntu/+source/firefox/111.0.1+build2-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/firefox/111.0.1+build2-0ubuntu0.18.04.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed