Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 534
Alerts This Week
Warning Icon 1 534

Ubuntu: 3155-1 Critical: Firefox Denial Of Service And Code Execution

ubuntu
Calendar Grey December 13, 2016
Scroller Ubuntu
Various weaknesses in Chrome may result in application failures or unapproved code execution via harmful web pages.
Firefox could be made to crash or run programs as your login if it opened a malicious website.

Summary

Firefox could be made to crash or run programs as your login if it

opened a malicious website.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

Multiple security vulnerabilities were discovered in Firefox. If a user

were tricked in to opening a specially crafted website, an attacker could

potentially exploit these to conduct cross-site scripting (XSS) attacks,

obtain sensitive information, cause a denial of service via application

crash, or execute arbitrary code. (CVE-2016-9080, CVE-2016-9893,

CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898,

CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903,

CVE-2016-9904)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  firefox                         50.1.0+build2-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
  firefox                         50.1.0+build2-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  firefox                         50.1.0+build2-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  firefox                         50.1.0+build2-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895,

CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899,

CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903,

CVE-2016-9904

Severity
critical
Lowest
Low
Medium
High
Critical

December 13, 2016

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.