============================================================================ Ubuntu Security Notice USN-1620-1 October 26, 2012 firefox vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Firefox. Software Description: - firefox: Mozilla Open Source web browser Details: Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. (CVE-2012-4194, CVE-2012-4195) Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the Location object. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections and perform cross-origin reading of the Location object. (CVE-2012-4196) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: firefox 16.0.2+build1-0ubuntu0.12.10.1 Ubuntu 12.04 LTS: firefox 16.0.2+build1-0ubuntu0.12.04.1 Ubuntu 11.10: firefox 16.0.2+build1-0ubuntu0.11.10.1 Ubuntu 11.04: firefox 16.0.2+build1-0ubuntu0.11.04.1 Ubuntu 10.04 LTS: firefox 16.0.2+build1-0ubuntu0.10.04.1 After a standard system update you need to restart Firefox to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1620-1 CVE-2012-4194, CVE-2012-4195, CVE-2012-4196 Package Information: https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.12.10.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.11.04.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.10.04.1