You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa Firefox

Sigurnosni nedostaci programskog paketa Firefox

==========================================================================
Ubuntu Security Notice USN-4323-1
April 07, 2020

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software Description:
– firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2020-6821, CVE-2020-6822,
CVE-2020-6824, CVE-2020-6825, CVE-2020-6826)

It was discovered that extensions could obtain auth codes from OAuth login
flows in some circumstances. If a user were tricked in to installing a
specially crafted extension, an attacker could potentially exploit this to
obtain access to the user’s account. (CVE-2020-6823)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
firefox 75.0+build3-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
firefox 75.0+build3-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
firefox 75.0+build3-0ubuntu0.16.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
https://usn.ubuntu.com/4323-1
CVE-2020-6821, CVE-2020-6822, CVE-2020-6823, CVE-2020-6824,
CVE-2020-6825, CVE-2020-6826

Package Information:
https://launchpad.net/ubuntu/+source/firefox/75.0+build3-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/firefox/75.0+build3-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/firefox/75.0+build3-0ubuntu0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQEzBAEBCgAdFiEERN//5MGgCOgyKeIFYR+97NWUbg8FAl6MwDkACgkQYR+97NWU
bg/KEAf/U4IkRvODwfgBbBubIvlv9wDyhTuU5AgBGUZDX9SGoPBDft95q/sdQn2F
prRWBWy6v6BXErtrw0BV2o7IoA5sV6rbHn2xmjHRTMrigBb7iuIgKcMxGaEl6ciJ
EsLOvMb0/U8btDsqXO+r5dPG2VsstUFerTLZZctcKqjyvvRzzeqcHjv8YYMO47OX
oj+m9ugoIfRVS/CPYN2mIS1DY17a8JiYWKHG1ZWcbDfCNbKo431Co/8IHRugfxkb
VWVwUGIRuu513Sbg4WrIpRqOcxny6LkNRyS/wX+/FvBUWc1GbLLnsGn8FXuSmjVR
8N48Y8DFhqk/xlmd3ajasLn27P8U+w==
=w9Ic
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke gnutls28

Otkriven je sigurnosni nedostatak programske biblioteke gnutls28 za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija. Savjetuje...

Close