Ubuntu 20.04 LTS: USN-4474-1 Critical: Firefox Crash Risk

August 26, 2020
Security risks in Firefox on Ubuntu could result in system crashes or compromise of sensitive information upon visiting harmful websites. Ensure you update immediately for optimal protection!

Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user into installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. (CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)

It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)

A data race was discovered when importing certificate information into the trust store. An attacker could potentially exploit this to cause an unspecified impact. (CVE-2020-15668)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  firefox                         80.0+build2-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  firefox                         80.0+build2-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  firefox                         80.0+build2-0ubuntu0.16.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.
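
To verify that a host or an inventory export is at or above the fixed versions listed above, the following added example (not part of the original advisory) compares an installed version string with the fixed one using a small reimplementation of dpkg's version ordering. The function names are assumptions, and the `__main__` part assumes `lsb_release` and `dpkg-query` are available.

```python
import re
import subprocess

FIXED = {  # fixed firefox version per Ubuntu release, copied from the advisory
    "20.04": "80.0+build2-0ubuntu0.20.04.1",
    "18.04": "80.0+build2-0ubuntu0.18.04.1",
    "16.04": "80.0+build2-0ubuntu0.16.04.1",
}
DIGITS = "0123456789"

def _order(c):  # dpkg sort weight of one character; "" means end of string
    if c in DIGITS or c == "~":
        return -1 if c == "~" else 0  # "~" sorts before even the end of string
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings: negative, zero or positive."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit prefixes are compared character by character.
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            diff = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if diff:
                return diff
            i, j = i + 1, j + 1
        # The digit runs that follow are compared as integers.
        da, db = re.match("[0-9]*", a[i:]).group(), re.match("[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        i, j = i + len(da), j + len(db)
    return 0

def compare_versions(a, b):
    """Order two '[epoch:]upstream[-revision]' strings the way dpkg does."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if `installed` is at or above the fixed version for `release`."""
    return compare_versions(installed, FIXED[release]) >= 0

if __name__ == "__main__":  # assumes an Ubuntu host with firefox installed as a .deb
    rel = subprocess.check_output(["lsb_release", "-rs"], text=True).strip()
    ver = subprocess.check_output(["dpkg-query", "-W", "-f=${Version}", "firefox"], text=True)
    print(rel, ver, "patched" if is_patched(rel, ver) else "NOT PATCHED")
```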

References

https://ubuntu.com/security/notices/USN-4474-1

CVE-2020-12400, CVE-2020-12401, CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15668, CVE-2020-15670, CVE-2020-6829

Severity
critical