==========================================================================
Ubuntu Security Notice USN-6779-2
May 29, 2024

firefox regressions
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

USN-6779-1 caused some minor regressions in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

USN-6779-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

Original advisory details:

 Multiple security issues were discovered in Firefox. If a user were
 tricked into opening a specially crafted website, an attacker could
 potentially exploit these to cause a denial of service, obtain sensitive
 information across domains, or execute arbitrary code. (CVE-2024-4767,
 CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773,
 CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778)
 
 Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory
 when audio input connected with multiple consumers. An attacker could
 potentially exploit this issue to cause a denial of service, or execute
 arbitrary code. (CVE-2024-4764)
 
 Thomas Rinsma discovered that Firefox did not properly handle type check
 when handling fonts in PDF.js. An attacker could potentially exploit this
 issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367)
 
 Irvan Kurniawan discovered that Firefox did not properly handle certain
 font styles when saving a page to PDF. An attacker could potentially
 exploit this issue to cause a denial of service. (CVE-2024-4770)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  firefox                         126.0.1+build1-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6779-2
  https://ubuntu.com/security/notices/USN-6779-1
  https://launchpad.net/bugs/2067445

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/126.0.1+build1-0ubuntu0.20.04.1

Ubuntu 6779-2: Firefox Security Advisory Updatess

May 29, 2024
USN-6779-1 caused some minor regressions in Firefox.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: USN-6779-1 caused some minor regressions in Firefox. Software Description: - firefox: Mozilla Open Source web browser Details: USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778) Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-4764) Thomas Rinsma discovered that Firefox did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367) Irvan Kurniawan discovered that Firefox did not properly handle certain font styles when saving a page to PDF. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-4770)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS firefox 126.0.1+build1-0ubuntu0.20.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6779-2

https://ubuntu.com/security/notices/USN-6779-1

https://launchpad.net/bugs/2067445

Severity
Ubuntu Security Notice USN-6779-2

Package Information

https://launchpad.net/ubuntu/+source/firefox/126.0.1+build1-0ubuntu0.20.04.1

Related News

8.Locks HexConnections CodeGlobe Esm H170
2 - 4 min read
Canonical has made headlines with its groundbreaking long-term support (LTS) service offering to extend far beyond Ubuntu deb packages, promising 12
14.Lock Code WorldMap Esm H170
2 - 4 min read
Government agencies are drawing attention to an issue plaguing open-source communities: memory-unsafe languages. A study entitled " Exploring Memory
11.Locks IsometricPattern Esm H170
2 - 3 min read
Cybersecurity threats continue to emerge regularly, and Promon's security team recently identified one such novel threat, Snowblind. This malware
32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
6.EmailConnection Touch Esm H170
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
20.Lock AbstractDigital Circular Esm H170
2 - 4 min read
The recent discovery of a backdoor in Linux's xz compression tool has shed light on cybercriminals' ingenious methods of gaining entry and remaining
19.Laptop Bed Esm H170
2 - 4 min read
Wordfence security researchers recently shed light on an infamous supply chain attack that may have affected as many as 36,000 WordPress websites.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved