Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6710-2

Ubuntu Security Notice 6710-2 - USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code.

Packet Storm
#vulnerability#web#ubuntu#dos#perl#firefox

==========================================================================
Ubuntu Security Notice USN-6710-2
April 04, 2024

firefox regressions

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS

Summary:

USN-6710-1 caused some minor regressions in Firefox.

Software Description:

  • firefox: Mozilla Open Source web browser

Details:

USN-6710-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

Original advisory details:

Manfred Paul discovered that Firefox did not properly perform bounds
checking during range analysis, leading to an out-of-bounds write
vulnerability. A attacker could use this to cause a denial of service,
or execute arbitrary code. (CVE-2024-29943)

Manfred Paul discovered that Firefox incorrectly handled MessageManager  

listeners under certain circumstances. An attacker who was able to inject
an event handler into a privileged object may have been able to execute
arbitrary code. (CVE-2024-29944)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
firefox 124.0.2+build1-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-6710-2
https://ubuntu.com/security/notices/USN-6710-1
https://launchpad.net/bugs/2060171

Package Information:
https://launchpad.net/ubuntu/+source/firefox/124.0.2+build1-0ubuntu0.20.04.1

Related news

Gentoo Linux Security Advisory 202407-22

Gentoo Linux Security Advisory 202407-22 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could arbitrary code execution. Versions greater than or equal to 115.9.1:esr are affected.

Red Hat Security Advisory 2024-1485-03

Red Hat Security Advisory 2024-1485-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1484-03

Red Hat Security Advisory 2024-1484-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

You Should Update Apple iOS and Google Chrome ASAP

Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.

You Should Update Apple iOS and Google Chrome ASAP

Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.

Red Hat Security Advisory 2024-1491-03

Red Hat Security Advisory 2024-1491-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1490-03

Red Hat Security Advisory 2024-1490-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1489-03

Red Hat Security Advisory 2024-1489-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1488-03

Red Hat Security Advisory 2024-1488-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1487-03

Red Hat Security Advisory 2024-1487-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Patch now: Mozilla patches two critical vulnerabilities in Firefox

Mozilla released an update of Firefox to fix two critical security vulnerabilities that together allowed an attacker to escape the sandbox.

Patch now: Mozilla patches two critical vulnerabilities in Firefox

Mozilla released an update of Firefox to fix two critical security vulnerabilities that together allowed an attacker to escape the sandbox.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution