Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Ubuntu: 4032-1 Critical Security Issue with Firefox Sandbox Escape

ubuntu
Calendar Grey June 24, 2019
Dist Ubuntu Esm H88
A critical security flaw was identified in Chrome impacting various Debian iterations. Please upgrade your software immediately.
A sandbox escape was discovered in Firefox.

Summary

A sandbox escape was discovered in Firefox.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

It was discovered that a sandboxed child process could open arbitrary web

content in the parent process via the Prompt:Open IPC message. When

combined with another vulnerability, an attacker could potentially exploit

this to execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  firefox                         67.0.4+build1-0ubuntu0.19.04.1

Ubuntu 18.10:
  firefox                         67.0.4+build1-0ubuntu0.18.10.1

Ubuntu 18.04 LTS:
  firefox                         67.0.4+build1-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  firefox                         67.0.4+build1-0ubuntu0.16.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-4032-1

  CVE-2019-11708

Severity
critical
Lowest
Low
Medium
High
Critical

June 24, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.