Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Ubuntu 20.04 LTS USN-5782-2 Moderate: Firefox Minor Non-critical Issues

ubuntu
Calendar Grey January 5, 2023
Dist Ubuntu Esm H88
The small bugs in Firefox were addressed through Ubuntu Security Notice USN-5782-2 on the fifth of January in the year 2023.
USN-5782-1 caused some minor regressions in Firefox.

Summary

USN-5782-1 caused some minor regressions in Firefox.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

USN-5782-1 fixed vulnerabilities in Firefox. The update introduced

several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Firefox was using an out-of-date libusrsctp library.

An attacker could possibly use this library to perform a reentrancy issue

on Firefox. (CVE-2022-46871)

Nika Layzell discovered that Firefox was not performing a check on paste

received from cross-processes. An attacker could potentially exploit this

to obtain sensitive information. (CVE-2022-46872)

Pete Freitag discovered that Firefox did not implement the unsafe-hashes

CSP directive. An attacker who was able to inject markup into a page

otherwise protected by a Content Security Policy may have been able to

inject an executable script. (CVE-2022-46873)

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  firefox                         108.0.1+build1-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  firefox                         108.0.1+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References

https://ubuntu.com/security/notices/USN-5782-2

https://ubuntu.com/security/notices/USN-5782-1

https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2001921

January 05, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.