Ubuntu Security Notice 3801-2 - USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. Multiple security issues were discovered with WebExtensions in Firefox. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to bypass domain restrictions, gain additional privileges, or run content scripts in local pages without permission. Various other issues were also addressed.
19adff75e4651cdc2641de4dfbb8e5a60a5f17ff9dd101eda5aab4bf371e654b==========================================================================
Ubuntu Security Notice USN-3801-2
November 23, 2018
firefox regressions
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
USN-3801-1 caused some minor regressions in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various
minor regressions. This update fixes the problems.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, bypass CSP
restrictions, spoof the protocol registration notification bar, leak
SameSite cookies, bypass mixed content warnings, or execute arbitrary
code. (CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393,
CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402,
CVE-2018-12403)
Multiple security issues were discovered with WebExtensions in Firefox.
If a user were tricked in to installing a specially crafted extension, an
attacker could potentially exploit these to bypass domain restrictions,
gain additional privileges, or run content scripts in local pages without
permission. (CVE-2018-12395, CVE-2018-12396, CVE-2018-12397)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
firefox 63.0.3+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS:
firefox 63.0.3+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS:
firefox 63.0.3+build1-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
firefox 63.0.3+build1-0ubuntu0.14.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3801-2
https://usn.ubuntu.com/usn/usn-3801-1
https://launchpad.net/bugs/1804881
Package Information:
https://launchpad.net/ubuntu/+source/firefox/63.0.3+build1-0ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/firefox/63.0.3+build1-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/firefox/63.0.3+build1-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/firefox/63.0.3+build1-0ubuntu0.14.04.1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed