Explore top 10 tips to secure your open-source projects now. Read More
×
USN-5782-1 caused some minor regressions in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
USN-5782-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Firefox was using an out-of-date libusrsctp library.
An attacker could possibly use this library to perform a reentrancy issue
on Firefox. (CVE-2022-46871)
Nika Layzell discovered that Firefox was not performing a check on paste
received from cross-processes. An attacker could potentially exploit this
to obtain sensitive information. (CVE-2022-46872)
Pete Freitag discovered that Firefox did not implement the unsafe-hashes
CSP directive. An attacker who was able to inject markup into a page
otherwise protected by a Content Security Policy may have been able to
inject an executable script. (CVE-2022-46873)
...
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: firefox 108.0.2+build1-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: firefox 108.0.2+build1-0ubuntu0.18.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
https://ubuntu.com/security/notices/USN-5782-3
https://ubuntu.com/security/notices/USN-5782-1
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2002377
Get the latest Linux and open source security news straight to your inbox.