Ubuntu Security Notice USN-6992-1

Ubuntu Security Notice USN-6992-1: Posted Sep 5, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6992-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.; tags | advisory, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2024-8381, CVE-2024-8383, CVE-2024-8384, CVE-2024-8385, CVE-2024-8386; SHA-256 | f877ee8cce524a71acb383e922589b335611b9a2a91b121ebf320339bdca2584; Download | Favorite | View

Ubuntu Security Notice USN-6992-1

==========================================================================
Ubuntu Security Notice USN-6992-1
September 05, 2024

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-8382,
CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)

Nils Bars discovered that Firefox contained a type confusion vulnerability
when performing certain property name lookups. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8381)

It was discovered that Firefox did not properly manage memory during
garbage collection. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-8384)

Seunghyun Lee discovered that Firefox contained a type confusion
vulnerability when handling certain ArrayTypes. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8385)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
   firefox                         130.0+build2-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes

References:
   https://ubuntu.com/security/notices/USN-6992-1
   CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384,
   CVE-2024-8385, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389

Package Information:
   https://launchpad.net/ubuntu/+source/firefox/130.0+build2-0ubuntu0.20.04.1

Top Authors In Last 30 Days

Red Hat 256 files
Jay Turla 150 files
indoushka 149 files
Ubuntu 67 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Debian 24 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,117)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,066)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,731)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,807)
UNIX (9,449)
UnixWare (187)
Windows (6,762)
Other

Ubuntu Security Notice USN-6992-1

Ubuntu Security Notice USN-6992-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6992-1

Share This

Ubuntu Security Notice USN-6992-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems