Explore top 10 tips to secure your open-source projects now. Read More
×
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse
Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered
multiple memory safety issues in Firefox. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-8634, CVE-2014-8635)
Bobby Holley discovered that some DOM objects with certain properties
can bypass XrayWrappers in some circumstances. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to bypass security restrictions. (CVE-2014-8636)
Michal Zalewski discovered a use of uninitialized memory when rendering
mal...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: firefox 35.0+build3-0ubuntu0.14.10.2 Ubuntu 14.04 LTS: firefox 35.0+build3-0ubuntu0.14.04.2 Ubuntu 12.04 LTS: firefox 35.0+build3-0ubuntu0.12.04.2 After a standard system update you need to restart Firefox to make all the necessary changes.
https://ubuntu.com/security/notices/USN-2458-1
CVE-2014-8634, CVE-2014-8635, CVE-2014-8636, CVE-2014-8637,
CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641,
CVE-2014-8642
Get the latest Linux and open source security news straight to your inbox.