Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 20.04 & 18.04 LTS: USN-5816-1 Critical: Firefox Security Flaws

ubuntu
Calendar Grey January 23, 2023
Dist Ubuntu Esm H88
Keep yourself updated on Ubuntu Security Notice USN-5817-1 concerning vulnerabilities and threats in Chrome to enhance your protection.
Several security issues were fixed in Firefox.

Summary

Several security issues were fixed in Firefox.

Software Description:

- firefox: Mozilla Open Source web browser

Details:

Niklas Baumstark discovered that a compromised web child process of Firefox

could disable web security opening restrictions, leading to a new child

process being spawned within the file:// context. An attacker could

potentially exploits this to obtain sensitive information. (CVE-2023-23597)

Tom Schuster discovered that Firefox was not performing a validation check

on GTK drag data. An attacker could potentially exploits this to obtain

sensitive information. (CVE-2023-23598)

Vadim discovered that Firefox was not properly sanitizing a curl command

output when copying a network request from the developer tools panel. An

attacker could potentially exploits this to hide and execute arbitrary

commands. (CVE-2023-23599)

Luan Herrera discovered that Firefox was not stopping navigation when

dragging a URL from a cross-origin iframe into the same tab. An attacker

pot...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  firefox                         109.0+build2-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  firefox                         109.0+build2-0ubuntu0.18.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References

https://ubuntu.com/security/notices/USN-5816-1

CVE-2023-23597, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601,

CVE-2023-23602, CVE-2023-23603, CVE-2023-23604, CVE-2023-23605,

CVE-2023-23606

Severity
critical
Lowest
Low
Medium
High
Critical

January 23, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here