Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

Ubuntu 21.10 USN-5314-1 High: Firefox Denial of Service Risks

ubuntu
Calendar Grey March 6, 2022
Dist Ubuntu Esm H88
Ubuntu Security Alert USN-5314-1 regarding vulnerabilities discovered in Firefox impacting several versions. Ensure your system is updated promptly!
Firefox could be made to crash or run programs as your login if it opened a malicious website.

Summary

Firefox could be made to crash or run programs as your login if it

opened a malicious website.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

A use-after-free was discovered when removing an XSLT parameter in some

circumstances. If a user were tricked into opening a specially crafted

website, an attacker could exploit this to cause a denial of service, or

execute arbitrary code. (CVE-2022-26485)

A use-after-free was discovered in the WebGPU IPC framework. If a user

were tricked into opening a specially crafted website, an attacker could

exploit this to cause a denial of service, or execute arbitrary code.

(CVE-2022-26486)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
   firefox                         97.0.2+build1-0ubuntu0.21.10.1

Ubuntu 20.04 LTS:
   firefox                         97.0.2+build1-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
   firefox                         97.0.2+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5314-1

CVE-2022-26485, CVE-2022-26486

March 06, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.