Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 455
Alerts This Week
Warning Icon 1 455

Ubuntu 21.10: USN-5321-3 Moderate: Firefox Regression Fix

ubuntu
Calendar Grey March 24, 2022
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-5322-4 concerns vulnerabilities and subsequent regressions in Thunderbird affecting user safety.
USN-5321-1 introduced minor regressions in Firefox.

Summary

USN-5321-1 introduced minor regressions in Firefox.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

USN-5321-1 fixed vulnerabilities in Firefox. The update introduced

several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were

tricked into opening a specially crafted website, an attacker could

potentially exploit these to cause a denial of service, spoof the browser

UI, bypass security restrictions, obtain sensitive information, or execute

arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382,

CVE-2022-26383, CVE-2022-26384, CVE-2022-26385)

A TOCTOU bug was discovered when verifying addon signatures during

install. A local attacker could potentially exploit this to trick a

user into installing an addon with an invalid signature.

(CVE-2022-26387)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  firefox                         98.0.2+build1-0ubuntu0.21.10.1

Ubuntu 20.04 LTS:
  firefox                         98.0.2+build1-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  firefox                         98.0.2+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5321-3

https://ubuntu.com/security/notices/USN-5321-1

https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1966306

March 24, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.