Ubuntu Security Notice 6890-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
f15b11906373e1b7a6004445dd8950a42b25db0fbd2a71c72c0958a58395f972==========================================================================
Ubuntu Security Notice USN-6890-1
July 10, 2024
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-6601,
CVE-2024-6604, CVE-2024-6607, CVE-2024-6608, CVE-2024-6610, CVE-2024-6611,
CVE-2024-6612, CVE-2024-6613, CVE-2024-6614, CVE-2024-6615)
It was discovered that Firefox did not properly manage certain memory
operations in the NSS. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-6602,
CVE-2024-6609)
Irvan Kurniawan discovered that Firefox did not properly manage memory
during thread creation. An attacker could potentially exploit this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-6603)
It was discovered that Firefox incorrectly handled array accesses in the
clipboard component, leading to an out-of-bounds read vulnerability. An
attacker could possibly use this issue to cause a denial of service or
expose sensitive information. (CVE-2024-6606)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
firefox 128.0+build2-0ubuntu0.20.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes
References:
https://ubuntu.com/security/notices/USN-6890-1
CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE-2024-6604,
CVE-2024-6606, CVE-2024-6607, CVE-2024-6608, CVE-2024-6609,
CVE-2024-6610, CVE-2024-6611, CVE-2024-6612, CVE-2024-6613,
CVE-2024-6614, CVE-2024-6615
Package Information:
https://launchpad.net/ubuntu/+source/firefox/128.0+build2-0ubuntu0.20.04.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed