Ubuntu 19.10, 18.04 LTS, 16.04 LTS: USN-4323-1 Critical: Firefox Exploit
ubuntu
April 7, 2020
Firefox could be made to crash or run programs as your login if it opened a malicious website.
Summary
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2020-6821, CVE-2020-6822,
CVE-2020-6824, CVE-2020-6825, CVE-2020-6826)
It was discovered that extensions could obtain auth codes from OAuth login
flows in some circumstances. If a user were tricked in to installing a
specially crafted extension, an attacker could potentially exploit this to
obtain access to the user's account. (CVE-2020-6823)
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: firefox 75.0+build3-0ubuntu0.19.10.1 Ubuntu 18.04 LTS: firefox 75.0+build3-0ubuntu0.18.04.1 Ubuntu 16.04 LTS: firefox 75.0+build3-0ubuntu0.16.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-4323-1
CVE-2020-6821, CVE-2020-6822, CVE-2020-6823, CVE-2020-6824,
CVE-2020-6825, CVE-2020-6826
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
April 07, 2020
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!