Explore top 10 tips to secure your open-source projects now. Read More
×
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas
Werner, Christian Holler, Jon Coppeard, Eric Rahm, Byron Campen, Eric
Rescorla, and Xidorn Quan discovered multiple memory safety issues in
Firefox. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2014-1587, CVE-2014-1588)
Cody Crews discovered a way to trigger chrome-level XBL bindings from web
content in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
bypass security restrictions. (CVE-2014-1589)
Joe Vennix discovered a crash when using XMLHttpReq...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: firefox 34.0+build2-0ubuntu0.14.10.2 Ubuntu 14.04 LTS: firefox 34.0+build2-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 34.0+build2-0ubuntu0.12.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
CVE-2014-1587, CVE-2014-1588, CVE-2014-1589, CVE-2014-1590,
CVE-2014-1591, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594
Get the latest Linux and open source security news straight to your inbox.