Ubuntu 12.10: USN-1620-1 Critical: Firefox XSS Attack Issues
Oct 26, 2012
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
Several security issues were fixed in Firefox.
=========================================================================Ubuntu Security Notice USN-1620-1 October 26, 2012 firefox vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Firefox. Software Description: - firefox: Mozilla Open Source web browser Details: Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. (CVE-2012-4194, CVE-2012-4195) Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the Location object. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections and perform cross-origin reading of the Location object. (CVE-2012-4196) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: firefox 16.0.2+build1-0ubuntu0.12.10.1 Ubuntu 12.04 LTS: firefox 16.0.2+build1-0ubuntu0.12.04.1 Ubuntu 11.10: firefox 16.0.2+build1-0ubuntu0.11.10.1 Ubuntu 11.04: firefox 16.0.2+build1-0ubuntu0.11.04.1 Ubuntu 10.04 LTS: firefox 16.0.2+build1-0ubuntu0.10.04.1 After a standard system update you need to restart Firefox to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1620-1 CVE-2012-4194, CVE-2012-4195, CVE-2012-4196 Package Information: https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.12.10.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.11.04.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.10.04.1
PREVIOUS
NEXT
Ubuntu 12.10: USN-1620-1 Critical: Firefox XSS Attack Issues
ubuntu
October 26, 2012
Several security issues were fixed in Firefox.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: firefox 16.0.2+build1-0ubuntu0.12.10.1 Ubuntu 12.04 LTS: firefox 16.0.2+build1-0ubuntu0.12.04.1 Ubuntu 11.10: firefox 16.0.2+build1-0ubuntu0.11.10.1 Ubuntu 11.04: firefox 16.0.2+build1-0ubuntu0.11.04.1 Ubuntu 10.04 LTS: firefox 16.0.2+build1-0ubuntu0.10.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1620-1
CVE-2012-4194, CVE-2012-4195, CVE-2012-4196
Severity
critical
Lowest
Low
Medium
High
Critical
=========================================================================Ubuntu Security Notice USN-1620-1
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.12.10.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.11.04.1 https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.10.04.1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!