Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 18.10: USN-3918-1 Critical: Firefox Denial of Service Issues

ubuntu
Calendar Grey March 21, 2019
Dist Ubuntu Esm H88
Several vulnerabilities in Chrome for Linux addressed through updates; update promptly to avert potential abuses and malfunctions.
Several security issues were fixed in Firefox.

Summary

Several security issues were fixed in Firefox.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit these to cause a denial of service via application

crash, denial of service via successive FTP authorization prompts or modal

alerts, trick the user with confusing permission request prompts, obtain

sensitive information, conduct social engineering attacks, or execute

arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,

CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797,

CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807,

CVE-2019-9808, CVE-2019-9809)

A mechanism was discovered that removes some bounds checking for string,

array, or typed array accesses if Spectre mitigations have been disabled.

If a user were tricked in to openin...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  firefox                         66.0+build3-0ubuntu0.18.10.1

Ubuntu 18.04 LTS:
  firefox                         66.0+build3-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  firefox                         66.0+build3-0ubuntu0.16.04.2

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3918-1

  CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791,

  CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796,

  CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9803,

  CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808,

  CVE-2019-9809

Severity
critical
Lowest
Low
Medium
High
Critical

March 21, 2019

Package Information

  https://launchpad.net/ubuntu/+source/firefox/66.0+build3-0ubuntu0.18.10.1
  https://launchpad.net/ubuntu/+source/firefox/66.0+build3-0ubuntu0.18.04.1
  https://launchpad.net/ubuntu/+source/firefox/66.0+build3-0ubuntu0.16.04.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here