Explore top 10 tips to secure your open-source projects now. Read More
×
USN-2505-1 introduced a regression in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
USN-2505-1 fixed vulnerabilities in Firefox. This update removed the
deprecated "-remote" command-line switch that some older software still
depends on. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Matthew Noorenberghe discovered that whitelisted Mozilla domains could
make UITour API calls from background tabs. If one of these domains were
compromised and open in a background tab, an attacker could potentially
exploit this to conduct clickjacking attacks. (CVE-2015-0819)
Jan de Mooij discovered an issue that affects content using the Caja
Compiler. If web content loads specially crafted code, this could be used
to bypass sandboxing security measures provided by Caja. (CVE-2015-0820)
Armin Razmdjou discovered that opening hyperlinks with specific mouse
and key combination...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: firefox 36.0.1+build2-0ubuntu0.14.10.1 Ubuntu 14.04 LTS: firefox 36.0.1+build2-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 36.0.1+build2-0ubuntu0.12.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
https://ubuntu.com/security/notices/USN-2505-1
https://bugs.launchpad.net/ubuntu/+source/emacs24/+bug/1425972, https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1429115
Get the latest Linux and open source security news straight to your inbox.