Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Ubuntu 21.10: 5131-1 Critical: Firefox Denial of Service Exploits

ubuntu
Calendar Grey November 3, 2021
Dist Ubuntu Esm H88
The latest Ubuntu Security Announcement USN-5131-1 highlights security flaws in Firefox which could be leveraged by malicious websites.
Firefox could be made to crash or run programs as your login if it opened a malicious website.

Summary

Firefox could be made to crash or run programs as your login if it

opened a malicious website.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were

tricked into opening a specially crafted website, an attacker could

potentially exploit these to cause a denial of service, bypass security

restrictions, spoof the browser UI, confuse the user, conduct phishing

attacks, or execute arbitrary code. (CVE-2021-38503, CVE-2021-38504,

CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509)

It was discovered that the 'Copy Image Link' context menu action

would copy the final image URL after redirects. If a user were tricked

into copying and pasting a link for an embedded image that triggered

authentication flows back to the page, an attacker could potentially

exploit this to steal authentication tokens.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  firefox                         94.0+build3-0ubuntu0.21.10.1

Ubuntu 21.04:
  firefox                         94.0+build3-0ubuntu0.21.04.1

Ubuntu 20.04 LTS:
  firefox                         94.0+build3-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  firefox                         94.0+build3-0ubuntu0.18.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5131-1

CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507,

CVE-2021-38508, CVE-2021-38509

Severity
critical
Lowest
Low
Medium
High
Critical

November 03, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.