Ubuntu Security Notice 1786-1 - Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, Joe Drew, Andrew McCreight, Randell Jesup, Gary Kwong and Mats Palmgren discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Ambroz Bizjak discovered an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) library when decoding certain certificates. An attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.
8f53451ed15d0fcaa80c7db013e54cc52b1d13ce2a1ab07018fb3107c6cc732b