=========================================================================Ubuntu Security Notice USN-5880-1
February 20, 2023

firefox vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Christian Holler discovered that Firefox did not properly manage memory
when using PKCS 12 Safe Bag attributes. An attacker could construct a
PKCS 12 cert bundle in such a way that could allow for arbitrary memory
writes. (CVE-2023-0767)

Johan Carlsson discovered that Firefox did not properly manage child
iframe's unredacted URI when using Content-Security-Policy-Report-Only
header. An attacker could potentially exploits this to obtain sensitive
information. (CVE-2023-25728)

Vitor Torres discovered that Firefox did not properly manage permissions
of extensions interaction via ExpandedPrincipals. An attacker could
potentially exploits this issue to download malicious files or execute
arbitrary code. (CVE-2023-25729)

Irvan Kurniawan discovered that Firefox did not properly validate
background script invoking requestFullscreen. An attacker could
potentially exploit this issue to perform spoofing attacks. (CVE-2023-25730)

Ronald Crane discovered that Firefox did not properly manage memory when
using EncodeInputStream in xpcom. An attacker could potentially exploits
this issue to cause a denial of service. (CVE-2023-25732)

Samuel Grob discovered that Firefox did not properly manage memory when
using wrappers wrapping a scripted proxy. An attacker could potentially
exploits this issue to cause a denial of service. (CVE-2023-25735)

Holger Fuhrmannek discovered that Firefox did not properly manage memory
when using Module load requests. An attacker could potentially exploits
this issue to cause a denial of service. (CVE-2023-25739)

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-25731,
CVE-2023-25733, CVE-2023-25736, CVE-2023-25737, CVE-2023-25741,
CVE-2023-25742, CVE-2023-25744, CVE-2023-25745)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  firefox                         110.0+build3-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  firefox                         110.0+build3-0ubuntu0.18.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5880-1
  CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730,
  CVE-2023-25731, CVE-2023-25732, CVE-2023-25733, CVE-2023-25735,
  CVE-2023-25736, CVE-2023-25737, CVE-2023-25739, CVE-2023-25741,
  CVE-2023-25742, CVE-2023-25744, CVE-2023-25745

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/110.0+build3-0ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/firefox/110.0+build3-0ubuntu0.18.04.1

Ubuntu 5880-1: Firefox vulnerabilities

February 20, 2023
Several security issues were fixed in Firefox.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: firefox 110.0+build3-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: firefox 110.0+build3-0ubuntu0.18.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5880-1

CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730,

CVE-2023-25731, CVE-2023-25732, CVE-2023-25733, CVE-2023-25735,

CVE-2023-25736, CVE-2023-25737, CVE-2023-25739, CVE-2023-25741,

CVE-2023-25742, CVE-2023-25744, CVE-2023-25745

Severity
February 20, 2023

Package Information

https://launchpad.net/ubuntu/+source/firefox/110.0+build3-0ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/firefox/110.0+build3-0ubuntu0.18.04.1

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved