Hello Linux users, 

Severe memory safety bugs have been found in Firefox that could allow malicious actors to disrupt services or gain access to your sensitive data. The article I link to here contains the technical details you may want to know about these flaws.

Read on to learn how to mitigate these vulnerabilities and find out about other impactful issues recently identified and fixed in your open-source programs and applications.  

If you gained valuable information from reading today’s newsletter, please share it with a fellow security geek. Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from enthusiastic, insightful community members who share our passion for Linux and security!

Stay safe out there,

Brittany

Firefox

The Discovery 

Critical memory safety bugs have been discovered in Firefox. Some of these bugs have shown evidence of memory corruption and could have led to arbitrary code execution.

The Impact

These vulnerabilities could result in data compromise and service disruption.

The Fix

Firefox ESR 115.8 mitigates these flaws. Given the threat these vulnerabilities pose to unpatched systems, we urge all impacted users to update to Firefox ESR 115.8 immediately. Doing so will help safeguard sensitive data and ensure system availability.

Apache Druid

The Discovery 

A new Lucifer DDoS botnet malware variant is exploiting a severe vulnerability in unpatched Apache Druid servers. Once the malware infiltrates vulnerable servers, it transforms them into Monero cryptomining bots and initiates DDoS attacks, significantly compromising the targeted servers' integrity and availability.

The Impact

This flaw could result in malicious activities, including cryptojacking and distributed denial-of-service (DDoS) attacks.

The Fix

Apache has mitigated this actively exploited bug with a critical security update. Given the threat this vulnerability poses to unpatched systems, we strongly recommend that all impacted users update now. Patching will help prevent malware attacks and associated threats like cryptojacking and distributed denial-of-service (DDoS) attacks.

Thunderbird

The Discovery 

Have you updated to mitigate severe vulnerabilities recently found in Thunderbird? An attacker could use these flaws to steal sensitive data, bypass security restrictions, perform cross-site tracing, execute arbitrary code, or carry out denial-of-service attacks.

The Impact

These vulnerabilities could result in service disruption or data loss.

The Fix

Distros continue to release security advisories for an essential Thunderbird update that fixes these severe bugs. Given the significant threat these vulnerabilities pose to unpatched systems, we urge all impacted users to update as soon as possible to prevent loss of system access and secure their sensitive information.
