Ubuntu Security Notice 6509-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information.
b829fdf51cf2a37d15b78f3f6807c30a0b585c7fbda044f4d27c269eebcb3308==========================================================================
Ubuntu Security Notice USN-6509-1
November 23, 2023
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-6206,
CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213)
It was discovered that Firefox did not properly manage memory when
images were created on the canvas element. An attacker could potentially
exploit this issue to obtain sensitive information. (CVE-2023-6204)
It discovered that Firefox incorrectly handled certain memory when using a
MessagePort. An attacker could potentially exploit this issue to cause a
denial of service. (CVE-2023-6205)
It discovered that Firefox incorrectly did not properly manage ownership
in ReadableByteStreams. An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-6207)
It discovered that Firefox incorrectly did not properly manage copy
operations when using Selection API in X11. An attacker could potentially
exploit this issue to obtain sensitive information. (CVE-2023-6208)
Rachmat Abdul Rokhim discovered incorrectly handled parsing of relative
URLS starting with "///". An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-6209)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
firefox 120.0+build2-0ubuntu0.20.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-6509-1
CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207,
CVE-2023-6208, CVE-2023-6209, CVE-2023-6210, CVE-2023-6211,
CVE-2023-6212, CVE-2023-6213
Package Information:
https://launchpad.net/ubuntu/+source/firefox/120.0+build2-0ubuntu0.20.04.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed