Explore top 10 tips to secure your open-source projects now. Read More
×
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Matthew Noorenberghe discovered that whitelisted Mozilla domains could
make UITour API calls from background tabs. If one of these domains were
compromised and open in a background tab, an attacker could potentially
exploit this to conduct clickjacking attacks. (CVE-2015-0819)
Jan de Mooij discovered an issue that affects content using the Caja
Compiler. If web content loads specially crafted code, this could be used
to bypass sandboxing security measures provided by Caja. (CVE-2015-0820)
Armin Razmdjou discovered that opening hyperlinks with specific mouse
and key combinations could allow a Chrome privileged URL to be opened
without context restrictions being preserved. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to bypass s...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: firefox 36.0+build2-0ubuntu0.14.10.4 Ubuntu 14.04 LTS: firefox 36.0+build2-0ubuntu0.14.04.4 Ubuntu 12.04 LTS: firefox 36.0+build2-0ubuntu0.12.04.5 After a standard system update you need to restart Firefox to make all the necessary changes.
https://ubuntu.com/security/notices/USN-2505-1
CVE-2015-0819, CVE-2015-0820, CVE-2015-0821, CVE-2015-0822,
CVE-2015-0823, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826,
CVE-2015-0827, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831,
CVE-2015-0832, CVE-2015-0834, CVE-2015-0835, CVE-2015-0836
Get the latest Linux and open source security news straight to your inbox.