Ubuntu alert USN-6779-1 (firefox)

From:
             
 
Nishit Majithia <nishit.majithia@canonical.com>
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-6779-1] Firefox vulnerabilities
Date:
             
 
Tue, 21 May 2024 12:40:37 +0530
Message-ID:
             
 
<20240521071037.xxxg6agesni27f4z@machine>
==========================================================================
Ubuntu Security Notice USN-6779-1
May 21, 2024

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-4767,
CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773,
CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778)

Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory
when audio input connected with multiple consumers. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-4764)

Thomas Rinsma discovered that Firefox did not properly handle type check
when handling fonts in PDF.js. An attacker could potentially exploit this
issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367)

Irvan Kurniawan discovered that Firefox did not properly handle certain
font styles when saving a page to PDF. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2024-4770)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  firefox                         126.0+build2-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6779-1
  CVE-2024-4367, CVE-2024-4764, CVE-2024-4767, CVE-2024-4768,
  CVE-2024-4769, CVE-2024-4770, CVE-2024-4771, CVE-2024-4772,
  CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776,
  CVE-2024-4777, CVE-2024-4778

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/126.0+build2...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQGzBAABCgAdFiEEs16801xnF7wK3rCK7Ic6ztRocjwFAmZMSOkACgkQ7Ic6ztRo
cjxpiAv/UhCgWtAdTE3gUXfklzijyb8yYqq3AHOI+zP+JksWGOuqnNf4CeWjrpi9
NR1jI9lSKxW2ufYcIJfZKfU1LprNwBeajVbCmEauNKeHOGXoy56ReOXSnKcAZDaa
HQ/mwtYvfpvxFM3MlihJE7T7A0EOYwtaharyxAvpXhlav0zR5IEGM/cp7EA3NnKx
suxe4K6GiiVo4ZNEHWrq4P1psyvqOOxwCAy/GZhj3FDPZPLcNyx0aTcybObFTVj/
7IFOdKyw9tJ+0rBhi1o4iSv6jZXMhRkNYbN/G8gBwzJgm8S537tLQOBYpiEHfMOC
VmBc4hMQi1cG7ahCxpFQOrygiEDAGIGObuAkudkE+lw/WPOwihgNnB8gJ7gj9s82
IzMzaXSDGRRAIbUUMVWo2ndJ5utqxU/Xqysn9UvP8MwA+1yYx5aChxJNuQUiyB6R
1l+4sirv+1TF9MxvHJbXVcjTf9nt+//srKH1mn4jBxYDqpe7cIl6VjgixnznoSEh
wCz63aw9
=qHLp
-----END PGP SIGNATURE-----


Attachment: None (type=text/plain)