Ubuntu 20.04 LTS: USN-4383-1 Critical: Firefox Denial Of Service
ubuntu
June 4, 2020
Firefox could be made to crash or run programs as your login if it opened a malicious website.
Summary
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
addressbar, or execute arbitrary code. (CVE-2020-12405, CVE-2020-12406,
CVE-2020-12407, CVE-2020-12408, CVE-2020-12409, CVE-2020-12410,
CVE-2020-12411)
It was discovered that NSS showed timing differences when performing DSA
signatures. An attacker could potentially exploit this to obtain private
keys using a timing attack. (CVE-2020-12399)
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: firefox 77.0.1+build1-0ubuntu0.20.04.1 Ubuntu 19.10: firefox 77.0.1+build1-0ubuntu0.19.10.1 Ubuntu 18.04 LTS: firefox 77.0.1+build1-0ubuntu0.18.04.1 Ubuntu 16.04 LTS: firefox 77.0.1+build1-0ubuntu0.16.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-4383-1
CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12407,
CVE-2020-12408, CVE-2020-12409, CVE-2020-12410, CVE-2020-12411
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
June 04, 2020
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!