==========================================================================
Ubuntu Security Notice USN-6862-1
July 03, 2024

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-5689,
CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5697, CVE-2024-5698,
CVE-2024-5699, CVE-2024-5700, CVE-2024-5701)

Lukas Bernhard discovered that Firefox did not properly manage memory
during garbage collection. An attacker could potentially exploit this
issue to cause a denial of service, or  execute arbitrary code.
(CVE-2024-5688)

Lukas Bernhard discovered that Firefox did not properly manage memory in
the JavaScript engine. An attacker could potentially exploit this issue to
obtain sensitive information. (CVE-2024-5694)

Irvan Kurniawan discovered that Firefox did not properly handle certain
allocations in the probabilistic heap checker. An attacker could
potentially exploit this issue to cause a denial of service.
(CVE-2024-5695)

Irvan Kurniawan discovered that Firefox did not properly handle certain
text fragments in input tags. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2024-5696)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
   firefox                         127.0.2+build1-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6862-1
   CVE-2024-5688, CVE-2024-5689, CVE-2024-5690, CVE-2024-5691,
   CVE-2024-5693, CVE-2024-5694, CVE-2024-5695, CVE-2024-5696,
   CVE-2024-5697, CVE-2024-5698, CVE-2024-5699, CVE-2024-5700,
   CVE-2024-5701

Package Information:
   https://launchpad.net/ubuntu/+source/firefox/127.0.2+build1-0ubuntu0.20.04.1

Ubuntu 6862-1: Firefox Security Advisory Updates

July 3, 2024
Several security issues were fixed in Firefox.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Firefox. Software Description: - firefox: Mozilla Open Source web browser Details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-5689, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5697, CVE-2024-5698, CVE-2024-5699, CVE-2024-5700, CVE-2024-5701) Lukas Bernhard discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-5688) Lukas Bernhard discovered that Firefox did not properly manage memory in the JavaScript engine. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2024-5694) Irvan Kurniawan discovered that Firefox did not properly handle certain allocations in the probabilistic heap checker. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-5695) Irvan Kurniawan discovered that Firefox did not properly handle certain text fragments in input tags. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-5696)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS firefox 127.0.2+build1-0ubuntu0.20.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6862-1

CVE-2024-5688, CVE-2024-5689, CVE-2024-5690, CVE-2024-5691,

CVE-2024-5693, CVE-2024-5694, CVE-2024-5695, CVE-2024-5696,

CVE-2024-5697, CVE-2024-5698, CVE-2024-5699, CVE-2024-5700,

CVE-2024-5701

Severity
Ubuntu Security Notice USN-6862-1

Package Information

https://launchpad.net/ubuntu/+source/firefox/127.0.2+build1-0ubuntu0.20.04.1

Related News

31.Lock DigitalRoom Esm H170
2 - 4 min read
An aggressive cyber threat targeting HTTP File Server (HFS) users has emerged recently. A Remote Code Execution (RCE) vulnerability known as
34.Key AbstractDigital Esm H170
2 - 4 min read
Security threats continue developing rapidly, with attackers finding new vulnerabilities daily. Recent findings from researchers at Uptycs indicate
32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
1.Penguin Landscape Esm H170
2 - 3 min read
On Independence Day, there is a deep recognition of digital autonomy amidst the colorful fireworks displays and patriotic revelry. At LinuxSecurity,
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
11.Locks IsometricPattern Esm H170
2 - 4 min read
Linux Mint is a user-friendly GNU/Linux desktop distribution built upon Ubuntu and Debian for maximum reliability while offering an aesthetically
32.Lock Code Circular Esm H170
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
27.Tablet Connections Blocks Lock Esm H170
2 - 4 min read
Debian recently unveiled a significant update to its stable distribution, Debian 12.6 (codename "bookworm"). While not an entirely new release, this

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved