Ubuntu 4443-1: Firefox vulnerabilities

    Date 29 Jul 2020
    141
    Posted By LinuxSecurity Advisories
    Firefox could be made to crash or run programs as your login if it opened a malicious website.
    ==========================================================================
    Ubuntu Security Notice USN-4443-1
    July 29, 2020
    
    firefox vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 20.04 LTS
    - Ubuntu 18.04 LTS
    - Ubuntu 16.04 LTS
    
    Summary:
    
    Firefox could be made to crash or run programs as your login if it
    opened a malicious website.
    
    Software Description:
    - firefox: Mozilla Open Source web browser
    
    Details:
    
    Multiple security issues were discovered in Firefox. If a user were
    tricked in to opening a specially crafted website, an attacker could
    potentially exploit these to cause a denial of service, obtain sensitive
    information, bypass iframe sandbox restrictions, confuse the user, or
    execute arbitrary code. (CVE-2020-6463, CVE-2020-6514, CVE-2020-15652,
    CVE-2020-15653, CVE-2020-15654, CVE-2020-15656, CVE-2020-15658,
    CVE-2020-15659)
    
    It was discovered that redirected HTTP requests which are observed or
    modified through a web extension could bypass existing CORS checks. If a
    user were tricked in to installing a specially crafted extension, an
    attacker could potentially exploit this to obtain sensitive information
    across origins. (CVE-2020-15655)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 20.04 LTS:
      firefox                         79.0+build1-0ubuntu0.20.04.1
    
    Ubuntu 18.04 LTS:
      firefox                         79.0+build1-0ubuntu0.18.04.1
    
    Ubuntu 16.04 LTS:
      firefox                         79.0+build1-0ubuntu0.16.04.2
    
    After a standard system update you need to restart Firefox to make
    all the necessary changes.
    
    References:
      https://usn.ubuntu.com/4443-1
      CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15655,
      CVE-2020-15656, CVE-2020-15658, CVE-2020-15659, CVE-2020-6463,
      CVE-2020-6514
    
    Package Information:
      https://launchpad.net/ubuntu/+source/firefox/79.0+build1-0ubuntu0.20.04.1
      https://launchpad.net/ubuntu/+source/firefox/79.0+build1-0ubuntu0.18.04.1
      https://launchpad.net/ubuntu/+source/firefox/79.0+build1-0ubuntu0.16.04.2
    
    

    LinuxSecurity Poll

    Are you planning to use the 1Password password manager now that it is available to Linux users?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/35-are-you-planning-to-use-the-1password-password-manager-now-that-it-is-available-to-linux-users?task=poll.vote&format=json
    35
    radio
    [{"id":"122","title":"Yes","votes":"1","type":"x","order":"1","pct":20,"resources":[]},{"id":"123","title":"No ","votes":"3","type":"x","order":"2","pct":60,"resources":[]},{"id":"124","title":"Not sure at the moment","votes":"1","type":"x","order":"3","pct":20,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.