Ubuntu alert USN-6862-1 (firefox)
| From: | Evan Caville <evan.caville@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6862-1] Firefox vulnerabilities | |
| Date: | Wed, 03 Jul 2024 18:17:34 +1000 | |
| Message-ID: | <1f1af3a4-e4cc-40c5-831e-20fb5711742f@canonical.com> |
========================================================================== Ubuntu Security Notice USN-6862-1 July 03, 2024 firefox vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Firefox. Software Description: - firefox: Mozilla Open Source web browser Details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-5689, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5697, CVE-2024-5698, CVE-2024-5699, CVE-2024-5700, CVE-2024-5701) Lukas Bernhard discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-5688) Lukas Bernhard discovered that Firefox did not properly manage memory in the JavaScript engine. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2024-5694) Irvan Kurniawan discovered that Firefox did not properly handle certain allocations in the probabilistic heap checker. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-5695) Irvan Kurniawan discovered that Firefox did not properly handle certain text fragments in input tags. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-5696) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS firefox 127.0.2+build1-0ubuntu0.20.04.1 After a standard system update you need to restart Firefox to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6862-1 CVE-2024-5688, CVE-2024-5689, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5694, CVE-2024-5695, CVE-2024-5696, CVE-2024-5697, CVE-2024-5698, CVE-2024-5699, CVE-2024-5700, CVE-2024-5701 Package Information: https://launchpad.net/ubuntu/+source/firefox/127.0.2+buil...
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEEAPYWTpwtIbr7xH4OWNrRIKaTkWcFAmaFCR4FAwAAAAAACgkQWNrRIKaTkWex gw//S4cNsZdxcRTPuawBd39ZO7vkpRVmgV9cXvr4C7jxCdD5bdFJzdYAhZZYr/S5LEivMQSgjynz Mj5bisqtZE0bTV3nXl5oBfUjnR8alb+tZhLNFOyCOXMhzQZQoBQvoBTdhyNEf3hGncTHR7lM8sd3 zzNJkgEsJ3kSeGC9iBW+MUValJVwoQG/lvjPsVzlAq/gT+HoDlTa19jQLXlcaXP2uKJOaOfUXdc2 9cFYLvBMtiwW6QVie9loGRYb+ek7TyiN/8vtNIW7MD7aYGYTfvza+QlkjkZBjAXSK0R1QMSRR/rC S0GR+/9c8otsX5gNobnTK00O7Gipk7g/dOgBuJS0g/TuOU+t6HS/YgG9GZCEudei/3qJ/uc/QEMO pkxjCiyq9V4HlckQNIfzzUH2meXMZifOaM5V4bI89CWHrAP8rqNEsxbTCbKdRFegwEMdaJjI/8+F D7TLTbyLafhofAur5tLeadFYz8kCUKt12KX8OyOmy28ctDNzqevKo909udhoReNUDRVSC5yai6aw vSO5Jj+8Xtj89IK3LFyPwz88LTpcx49E/baJ0Sp/EK8ZkpAVmfXXVJRNGQlhP6wuIePxKyeUFcWS Yf84GqH4xYWrp1roi1qRosaZVsIJWDhbfMfbsuTP4E+3AGqB5yh0t9wESLPVcgqAvVqWQ8qFLqkb O14= =RK9X -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)