Explore top 10 tips to secure your open-source projects now. Read More
×
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Karthikeyan Bhargavan discovered that NSS incorrectly handled state
transitions for the TLS state machine. If a remote attacker were able to
perform a man-in-the-middle attack, this flaw could be exploited to skip
the ServerKeyExchange message and remove the forward-secrecy property.
(CVE-2015-2721)
Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit these to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2015-2722,
CVE-2015-2733)
Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence
Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, To...
The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: firefox 39.0+build5-0ubuntu0.15.04.1 Ubuntu 14.10: firefox 39.0+build5-0ubuntu0.14.10.1 Ubuntu 14.04 LTS: firefox 39.0+build5-0ubuntu0.14.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
https://ubuntu.com/security/notices/USN-2656-1
CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725,
CVE-2015-2726, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729,
CVE-2015-2730, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734,
CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738,
CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-2743,
CVE-2015-4000
Get the latest Linux and open source security news straight to your inbox.