Explore top 10 tips to secure your open-source projects now. Read More
×
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Olli Pettay and Boris Zbarsky discovered an issue during anchor
navigations in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this
to bypass same-origin policy restrictions. (CVE-2015-0801)
Bobby Holley discovered that windows created to hold privileged UI content
retained access to privileged internal methods if navigated to
unprivileged content. An attacker could potentially exploit this in
combination with another flaw, in order to execute arbitrary script in a
privileged context. (CVE-2015-0802)
Several type confusion issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
cras...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: firefox 37.0+build2-0ubuntu0.14.10.1 Ubuntu 14.04 LTS: firefox 37.0+build2-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 37.0+build2-0ubuntu0.12.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
https://ubuntu.com/security/notices/USN-2550-1
CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804,
CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808,
CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814,
CVE-2015-0815, CVE-2015-0816
Get the latest Linux and open source security news straight to your inbox.