Ubuntu 4299-1: Firefox vulnerabilities

    Date 11 Mar 2020
    Posted By LinuxSecurity Advisories
    Firefox could be made to crash or run programs as your login if it opened a malicious website.
    ==========================================================================
    Ubuntu Security Notice USN-4299-1
    March 11, 2020
    
    firefox vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 19.10
    - Ubuntu 18.04 LTS
    - Ubuntu 16.04 LTS
    
    Summary:
    
    Firefox could be made to crash or run programs as your login if it
    opened a malicious website.
    
    Software Description:
    - firefox: Mozilla Open Source web browser
    
    Details:
    
    Multiple security issues were discovered in Firefox. If a user were
    tricked into opening a specially crafted website, an attacker could
    potentially exploit these to cause a denial of service, spoof the URL or
    other browser chrome, obtain sensitive information, bypass Content
    Security Policy (CSP) protections, or execute arbitrary code.
    (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807,
    CVE-2020-6808, CVE-2020-6810, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814,
    CVE-2020-6815)
    
    It was discovered that Web Extensions with the all-url permission could
    access local files. If a user were tricked into installing a specially
    crafted extension, an attacker could potentially exploit this to obtain
    sensitive information. (CVE-2020-6809)
    
    It was discovered that the Devtools' 'Copy as cURL' feature did not fully
    escape website-controlled data. If a user were tricked into using the
    'Copy as cURL' feature to copy and paste a command with specially crafted
    data into a terminal, an attacker could potentially exploit this to
    execute arbitrary commands via command injection. (CVE-2020-6811)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 19.10:
      firefox                         74.0+build3-0ubuntu0.19.10.1
    
    Ubuntu 18.04 LTS:
      firefox                         74.0+build3-0ubuntu0.18.04.1
    
    Ubuntu 16.04 LTS:
      firefox                         74.0+build3-0ubuntu0.16.04.1
    
    After a standard system update you need to restart Firefox to make
    all the necessary changes.
    
    References:
      https://usn.ubuntu.com/4299-1
      CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807,
      CVE-2020-6808, CVE-2020-6809, CVE-2020-6810, CVE-2020-6811,
      CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815
    
    Package Information:
      https://launchpad.net/ubuntu/+source/firefox/74.0+build3-0ubuntu0.19.10.1
      https://launchpad.net/ubuntu/+source/firefox/74.0+build3-0ubuntu0.18.04.1
      https://launchpad.net/ubuntu/+source/firefox/74.0+build3-0ubuntu0.16.04.1
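
The CVE-2020-6811 paragraph above concerns website-controlled data reaching a shell through a copied command. The following is an added example, not Firefox's code and not part of the Ubuntu notice: it quotes every request field for a POSIX shell and re-tokenizes the result to confirm that no field leaves its quotes. The request record shape, the function names and the sample request are assumptions made for illustration.

```javascript
// Added example, not Firefox source; request field names are assumptions.
// In single quotes sh treats everything literally; only ' needs: close, \', reopen.
function shQuote(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

// Method, URL, header names/values and body are all website-controlled.
// --url keeps a URL that starts with "-" from being read as a curl option.
function toArgv(req) {
  const argv = ["curl", "-X", req.method, "--url", req.url];
  for (const [name, value] of req.headers) argv.push("-H", `${name}: ${value}`);
  if (req.body !== undefined) argv.push("--data-raw", req.body);
  return argv;
}
const toCurl = (req) => toArgv(req).map(shQuote).join(" ");

// Check: re-tokenize as sh would, accepting only single-quoted runs and \'.
// Any other unquoted character means a field escaped its quoting.
function shSplit(cmd) {
  const words = [];
  let cur = null;
  const add = (s) => { cur = (cur === null ? "" : cur) + s; };
  for (let i = 0; i < cmd.length; ) {
    if (cmd[i] === "'") {
      const end = cmd.indexOf("'", i + 1);
      if (end < 0) throw new Error("unterminated quote");
      add(cmd.slice(i + 1, end));
      i = end + 1;
    } else if (cmd[i] === "\\" && cmd[i + 1] === "'") {
      add("'");
      i += 2;
    } else if (cmd[i] === " ") {
      if (cur !== null) words.push(cur);
      cur = null;
      i += 1;
    } else {
      throw new Error(`unquoted ${JSON.stringify(cmd[i])} at offset ${i}`);
    }
  }
  if (cur !== null) words.push(cur);
  return words;
}

// Constructed request: every field carries shell metacharacters.
const sample = { method: "GET'; echo injected #", url: "https://example.test/?a=$(echo x)&b=1",
  headers: [["X-Test", "it's `quoted`\n\"twice\""]], body: "k=v;$HOME" };
const roundTrips = (req) =>
  JSON.stringify(shSplit(toCurl(req))) === JSON.stringify(toArgv(req));
console.log(toCurl(sample), roundTrips(sample));
```

A command that passes `roundTrips` reaches curl as exactly the argument list that was built, so metacharacters in any field stay data.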
    
    
