Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 461
Alerts This Week
Warning Icon 1 461

Ubuntu 15.04 USN-2602-1 Critical: Buffer Overflow In Firefox

ubuntu
Calendar Grey May 13, 2015
Dist Ubuntu Esm H88
A number of vulnerabilities in Firefox on Ubuntu could result in system instability or the execution of unauthorized applications when users visit harmful websites.
Firefox could be made to crash or run programs as your login if it opened a malicious website.

Summary

Firefox could be made to crash or run programs as your login if it

opened a malicious website.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong,

Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic

discovered multiple memory safety issues in Firefox. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit these to cause a denial of service via application

crash, or execute arbitrary code with the privileges of the user invoking

Firefox. (CVE-2015-2708, CVE-2015-2709)

Atte Kettunen discovered a buffer overflow during the rendering of SVG

content with certain CSS properties in some circumstances. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit this to cause a denial of service via application

crash, or execute arbitrary code with the privileges of t...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  firefox                         38.0+build3-0ubuntu0.15.04.1

Ubuntu 14.10:
  firefox                         38.0+build3-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
  firefox                         38.0+build3-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  firefox                         38.0+build3-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2602-1

CVE-2015-2708, CVE-2015-2709, CVE-2015-2710, CVE-2015-2711,

CVE-2015-2712, CVE-2015-2713, CVE-2015-2715, CVE-2015-2716,

CVE-2015-2717, CVE-2015-2718

Severity
critical
Lowest
Low
Medium
High
Critical

May 13, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.