
Security vulnerabilities in the firefox software package

==========================================================================
Ubuntu Security Notice USN-3801-1
October 24, 2018

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software Description:
– firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, bypass CSP
restrictions, spoof the protocol registration notification bar, leak
SameSite cookies, bypass mixed content warnings, or execute arbitrary
code. (CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393,
CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402,
CVE-2018-12403)

Multiple security issues were discovered with WebExtensions in Firefox.
If a user were tricked into installing a specially crafted extension, an
attacker could potentially exploit these to bypass domain restrictions,
gain additional privileges, or run content scripts in local pages without
permission. (CVE-2018-12395, CVE-2018-12396, CVE-2018-12397)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  firefox                         63.0+build2-0ubuntu0.18.10.2

Ubuntu 18.04 LTS:
  firefox                         63.0+build2-0ubuntu0.18.04.2

Ubuntu 16.04 LTS:
  firefox                         63.0+build2-0ubuntu0.16.04.2

Ubuntu 14.04 LTS:
  firefox                         63.0+build2-0ubuntu0.14.04.2

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3801-1
  CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393,
  CVE-2018-12395, CVE-2018-12396, CVE-2018-12397, CVE-2018-12398,
  CVE-2018-12399, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/63.0+build2-0ubuntu0.18.10.2
  https://launchpad.net/ubuntu/+source/firefox/63.0+build2-0ubuntu0.18.04.2
  https://launchpad.net/ubuntu/+source/firefox/63.0+build2-0ubuntu0.16.04.2
  https://launchpad.net/ubuntu/+source/firefox/63.0+build2-0ubuntu0.14.04.2

