Ubuntu Security Notice 6074-2 - USN-6074-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. An attacker could potentially exploit this issue to cause a denial of service. Anne van Kesteren discovered that Firefox did not properly validate the import call in service workers. An attacker could potentially exploits this to obtain sensitive information. Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. If a user were tricked into opening a malicious favicon file, an attacker could cause a denial of service.
be35037deca33185914fe3d4b6a489c1de444844ca549786e8b7daf7a89d3ebc
==========================================================================
Ubuntu Security Notice USN-6074-2
May 16, 2023
firefox regressions
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-6074-1 caused some minor regressions in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
USN-6074-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-32205,
CVE-2023-32207, CVE-2023-32210, CVE-2023-32211, CVE-2023-32212,
CVE-2023-32213, CVE-2023-32215, CVE-2023-32216)
Irvan Kurniawan discovered that Firefox did not properly manage memory
when using RLBox Expat driver. An attacker could potentially exploits this
issue to cause a denial of service. (CVE-2023-32206)
Anne van Kesteren discovered that Firefox did not properly validate the
import() call in service workers. An attacker could potentially exploits
this to obtain sensitive information. (CVE-2023-32208)
Sam Ezeh discovered that Firefox did not properly handle certain favicon
image files. If a user were tricked into opening a malicicous favicon file,
an attacker could cause a denial of service. (CVE-2023-32209)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
firefox 113.0.1+build1-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
firefox 113.0.1+build1-0ubuntu0.18.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-6074-2
https://ubuntu.com/security/notices/USN-6074-1
https://launchpad.net/bugs/2019782
Package Information:
https://launchpad.net/ubuntu/+source/firefox/113.0.1+build1-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/firefox/113.0.1+build1-0ubuntu0.18.04.1