Ubuntu Security Notice 6862-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
6e34df5ece453b17083ec3b4016fc12bd53c7e6fdf765084d10f90292d57929c==========================================================================
Ubuntu Security Notice USN-6862-1
July 03, 2024
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-5689,
CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5697, CVE-2024-5698,
CVE-2024-5699, CVE-2024-5700, CVE-2024-5701)
Lukas Bernhard discovered that Firefox did not properly manage memory
during garbage collection. An attacker could potentially exploit this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-5688)
Lukas Bernhard discovered that Firefox did not properly manage memory in
the JavaScript engine. An attacker could potentially exploit this issue to
obtain sensitive information. (CVE-2024-5694)
Irvan Kurniawan discovered that Firefox did not properly handle certain
allocations in the probabilistic heap checker. An attacker could
potentially exploit this issue to cause a denial of service.
(CVE-2024-5695)
Irvan Kurniawan discovered that Firefox did not properly handle certain
text fragments in input tags. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2024-5696)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
firefox 127.0.2+build1-0ubuntu0.20.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-6862-1
CVE-2024-5688, CVE-2024-5689, CVE-2024-5690, CVE-2024-5691,
CVE-2024-5693, CVE-2024-5694, CVE-2024-5695, CVE-2024-5696,
CVE-2024-5697, CVE-2024-5698, CVE-2024-5699, CVE-2024-5700,
CVE-2024-5701
Package Information:
https://launchpad.net/ubuntu/+source/firefox/127.0.2+build1-0ubuntu0.20.04.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed