Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

Ubuntu 12.10: USN-1638-1 Critical: Firefox Memory Safety Threats

ubuntu
Calendar Grey November 21, 2012
Scroller Ubuntu
Crucial patches for multiple Firefox vulnerabilities affecting Ubuntu editions. Adhere to the advisory recommendations for upgrading.
Several security issues were fixed in Firefox.

Summary

Several security issues were fixed in Firefox.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed

Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and

Andrew McCreight discovered multiple memory safety issues affecting

Firefox. If the user were tricked into opening a specially crafted page, an

attacker could possibly exploit these to cause a denial of service via

application crash, or potentially execute code with the privileges of the

user invoking Firefox. (CVE-2012-5842, CVE-2012-5843)

Atte Kettunen discovered a buffer overflow while rendering GIF format

images. An attacker could exploit this to possibly execute arbitrary code

as the user invoking Firefox. (CVE-2012-4202)

It was discovered that the evalInSandbox function's JavaScript sandbox

context could be circumvented. An attacker could exploit this to perform a

cross-site scripting (XSS) a...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  firefox                         17.0+build2-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
  firefox                         17.0+build2-0ubuntu0.12.04.1

Ubuntu 11.10:
  firefox                         17.0+build2-0ubuntu0.11.10.1

Ubuntu 10.04 LTS:
  firefox                         17.0+build2-0ubuntu0.10.04.1

After a standard system update you need to restart Firefox to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-1638-1

CVE-2012-4201, CVE-2012-4202, CVE-2012-4203, CVE-2012-4204,

CVE-2012-4205, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209,

CVE-2012-4210, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214,

CVE-2012-4215, CVE-2012-4216, CVE-2012-4217, CVE-2012-4218,

CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835,

CVE-2012-5836, CVE-2012-5838, CVE-2012-5839, CVE-2012-5840,

CVE-2012-5841, CVE-2012-5842, CVE-2012-5843, https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1080211

Severity
critical
Lowest
Low
Medium
High
Critical

November 21, 2012

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.