Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
It was discovered that Firefox was using an out-of-date libusrsctp library.
An attacker could possibly use this library to perform a reentrancy issue
on Firefox. (CVE-2022-46871)
Nika Layzell discovered that Firefox was not performing a check on paste
received from cross-processes. An attacker could potentially exploit this
to obtain sensitive information. (CVE-2022-46872)
Pete Freitag discovered that Firefox did not implement the unsafe-hashes
CSP directive. An attacker who was able to inject markup into a page
otherwise protected by a Content Security Policy may have been able to
inject an executable script. (CVE-2022-46873)
Matthias Zoellner discovered that Firefox was not keeping the filename
ending intact when using the drag-and-drop event. An attacker could
possibly use this issue to add a file with a malicious extension, leading
...
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: firefox 108.0+build2-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: firefox 108.0+build2-0ubuntu0.18.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
https://ubuntu.com/security/notices/USN-5782-1
CVE-2022-46871, CVE-2022-46872, CVE-2022-46873, CVE-2022-46874,
CVE-2022-46877, CVE-2022-46878, CVE-2022-46879
Get the latest Linux and open source security news straight to your inbox.