Explore top 10 tips to secure your open-source projects now. Read More
×
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Bobby Holley, Christian Holler, David Bolter, Byron Campen, Jon Coppeard,
Carsten Book, Martijn Wargers, Shih-Chiang Chien, Terrence Cole and
Jeff Walden discovered multiple memory safety issues in Firefox. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2014-1574, CVE-2014-1575)
Atte Kettunen discovered a buffer overflow during CSS manipulation. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2014-1576)
Hol...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: firefox 33.0+build2-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 33.0+build2-0ubuntu0.12.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
https://ubuntu.com/security/notices/USN-2372-1
CVE-2014-1574, CVE-2014-1575, CVE-2014-1576, CVE-2014-1577,
CVE-2014-1578, CVE-2014-1580, CVE-2014-1581, CVE-2014-1582,
CVE-2014-1583, CVE-2014-1584, CVE-2014-1585, CVE-2014-1586
Get the latest Linux and open source security news straight to your inbox.