Home / Security / USN-3801-2: Firefox regressions | Ubuntu security notices

USN-3801-2: Firefox regressions | Ubuntu security notices

23 November 2018

firefox regressions

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

USN-3801-1 caused some minor regressions in Firefox.

Software Description

  • firefox – Mozilla Open Source web browser

Details

USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various
minor regressions. This update fixes the problems.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, bypass CSP
restrictions, spoof the protocol registration notification bar, leak
SameSite cookies, bypass mixed content warnings, or execute arbitrary
code. (CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393,
CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402,
CVE-2018-12403)

Multiple security issues were discovered with WebExtensions in Firefox.
If a user were tricked in to installing a specially crafted extension, an
attacker could potentially exploit these to bypass domain restrictions,
gain additional privileges, or run content scripts in local pages without
permission. (CVE-2018-12395, CVE-2018-12396, CVE-2018-12397)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
firefox63.0.3+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox63.0.3+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox63.0.3+build1-0ubuntu0.16.04.1
Ubuntu 14.04 LTS
firefox63.0.3+build1-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

x

Check Also

Broadcom WiFi Driver Flaws Expose Computers, Phones, IoT to RCE Attacks

Broadcom WiFi Driver Flaws Expose Computers, Phones, IoT to RCE Attacks

Broadcom WiFi chipset drivers have been found to contain vulnerabilities impacting multiple operating systems and ...