Explore top 10 tips to secure your open-source projects now. Read More
×
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, bypass CSP
restrictions, spoof the protocol registration notification bar, leak
SameSite cookies, bypass mixed content warnings, or execute arbitrary
code. (CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393,
CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402,
CVE-2018-12403)
Multiple security issues were discovered with WebExtensions in Firefox.
If a user were tricked in to installing a specially crafted extension, an
attacker could potentially exploit these to bypass domain restrictions,
gain additional privileges, or run content scripts in local pages without
permission. (CV...
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: firefox 63.0+build2-0ubuntu0.18.10.2 Ubuntu 18.04 LTS: firefox 63.0+build2-0ubuntu0.18.04.2 Ubuntu 16.04 LTS: firefox 63.0+build2-0ubuntu0.16.04.2 Ubuntu 14.04 LTS: firefox 63.0+build2-0ubuntu0.14.04.2 After a standard system update you need to restart Firefox to make all the necessary changes.
https://ubuntu.com/security/notices/USN-3801-1
CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393,
CVE-2018-12395, CVE-2018-12396, CVE-2018-12397, CVE-2018-12398,
CVE-2018-12399, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403
Get the latest Linux and open source security news straight to your inbox.