Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

Ubuntu 21.10: USN-5434-1 Critical: Firefox Privileged Execution Risk

ubuntu
Calendar Grey May 23, 2022
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-5435-2 highlights critical vulnerabilities within Thunderbird, which may cause severe data exposure threats.
Firefox could be made to execute JavaScript in a privileged context if it opened a malicious website.

Summary

Firefox could be made to execute JavaScript in a privileged context if it

opened a malicious website.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

It was discovered that the methods of an Array object could be corrupted

as a result of prototype pollution by sending a message to the parent

process. If a user were tricked into opening a specially crafted website,

an attacker could exploit this to execute JavaScript in a privileged

context.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  firefox                         100.0.2+build1-0ubuntu0.21.10.1

Ubuntu 20.04 LTS:
  firefox                         100.0.2+build1-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  firefox                         100.0.2+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5434-1

CVE-2022-1529, CVE-2022-1802

Severity
critical
Lowest
Low
Medium
High
Critical

May 23, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.