Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 18.04 LTS USN-3761-2 Moderate: Firefox Browser Update

ubuntu
Calendar Grey September 13, 2018
Dist Ubuntu Esm H88
Addresses Chrome anomalies from USN-4821-2. Upgrade today for a seamless internet experience.
USN-3761-1 caused several regressions in Firefox.

Summary

USN-3761-1 caused several regressions in Firefox.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

USN-3761-1 fixed vulnerabilities in Firefox. The update caused several

regressions affecting spellchecker dictionaries and search engines. This

update fixes the problems.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit these to cause a denial of service, or execute

arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377,

CVE-2018-12378)

It was discovered that if a user saved passwords before Firefox 58 and

then later set a master password, an unencrypted copy of these passwords

would still be accessible. A local user could exploit this to obtain

sensitive information. (CVE-2018-12383)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  firefox                         62.0+build2-0ubuntu0.18.04.4

Ubuntu 16.04 LTS:
  firefox                         62.0+build2-0ubuntu0.16.04.4

Ubuntu 14.04 LTS:
  firefox                         62.0+build2-0ubuntu0.14.04.4

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3761-2

https://ubuntu.com/security/notices/USN-3761-1

https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1791789

September 13, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.