Ubuntu 20.04 LTS: USN-6367-1 Critical: Firefox WebP Denial of Service
ubuntu
September 14, 2023
Firefox could be made to crash or run programs if it opened a malicious website.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Firefox could be made to crash or run programs if it opened a malicious website. Software Description: - firefox: Mozilla Open Source web browser Details: It was discovered that Firefox did not properly manage memory when handling WebP images. If a user were tricked into opening a webpage containing malicious WebP image file, an attacker could potentially exploit these to cause a denial of service or execute arbitrary code. (CVE-2023-4863)
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: firefox 117.0.1+build2-0ubuntu0.20.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6367-1
CVE-2023-4863
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-6367-1
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/firefox/117.0.1+build2-0ubuntu0.20.04.1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!