Explore top 10 tips to secure your open-source projects now. Read More
×
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, bypass security
restrictions, spoof the browser UI, confuse the user, conduct phishing
attacks, or execute arbitrary code. (CVE-2021-38503, CVE-2021-38504,
CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509)
It was discovered that the 'Copy Image Link' context menu action
would copy the final image URL after redirects. If a user were tricked
into copying and pasting a link for an embedded image that triggered
authentication flows back to the page, an attacker could potentially
exploit this to steal authentication tokens.
The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: firefox 94.0+build3-0ubuntu0.21.10.1 Ubuntu 21.04: firefox 94.0+build3-0ubuntu0.21.04.1 Ubuntu 20.04 LTS: firefox 94.0+build3-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: firefox 94.0+build3-0ubuntu0.18.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
https://ubuntu.com/security/notices/USN-5131-1
CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507,
CVE-2021-38508, CVE-2021-38509
Get the latest Linux and open source security news straight to your inbox.