Explore top 10 tips to secure your open-source projects now. Read More
×
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple memory safety issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)
JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5375)
Nicolas Grégoire discovered a use-after-free when manipulating XSL in
XSLT documents in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial ...
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: firefox 51.0.1+build2-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: firefox 51.0.1+build2-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: firefox 51.0.1+build2-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 51.0.1+build2-0ubuntu0.12.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
https://ubuntu.com/security/notices/USN-3175-1
CVE-2017-5373, CVE-2017-5374, CVE-2017-5375, CVE-2017-5376,
CVE-2017-5377, CVE-2017-5378, CVE-2017-5379, CVE-2017-5380,
CVE-2017-5381, CVE-2017-5382, CVE-2017-5383, CVE-2017-5384,
CVE-2017-5385, CVE-2017-5386, CVE-2017-5387, CVE-2017-5388,
CVE-2017-5389, CVE-2017-5390, CVE-2017-5391, CVE-2017-5393,
CVE-2017-5396
Get the latest Linux and open source security news straight to your inbox.