You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa firefox

Sigurnosni nedostaci programskog paketa firefox

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4054-2
July 25, 2019

firefox regressions
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

USN-4054-1 caused some minor regressions in Firefox.

Software Description:
– firefox: Mozilla Open Source web browser

Details:

USN-4054-1 fixed vulnerabilities in Firefox. The update introduced
various minor regressions. This update fixes the problems.

We apologize for the inconvenience.

Original advisory details:

 A sandbox escape was discovered in Firefox. If a user were tricked in to
 installing a malicious language pack, an attacker could exploit this to
 gain additional privileges. (CVE-2019-9811)
 
 Multiple security issues were discovered in Firefox. If a user were
 tricked in to opening a specially crafted website, an attacker could
 potentially exploit these to cause a denial of service, obtain sensitive
 information, bypass same origin restrictions, conduct cross-site scripting
 (XSS) attacks, conduct cross-site request forgery (CSRF) attacks, spoof
 origin attributes, spoof the addressbar contents, bypass safebrowsing
 protections, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11710,
 CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714,
 CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11718,
 CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11723,
 CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728,
 CVE-2019-11729)
 
 It was discovered that Firefox treats all files in a directory as same
 origin. If a user were tricked in to downloading a specially crafted HTML
 file, an attacker could potentially exploit this to obtain sensitive
 information from local files. (CVE-2019-11730)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  firefox                         68.0.1+build1-0ubuntu0.19.04.1

Ubuntu 18.04 LTS:
  firefox                         68.0.1+build1-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  firefox                         68.0.1+build1-0ubuntu0.16.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
  https://usn.ubuntu.com/4054-2
  https://usn.ubuntu.com/4054-1
  https://launchpad.net/bugs/1837941

Package Information:
 
https://launchpad.net/ubuntu/+source/firefox/68.0.1+build1-0ubuntu0.19.04.1
 
https://launchpad.net/ubuntu/+source/firefox/68.0.1+build1-0ubuntu0.18.04.1
 
https://launchpad.net/ubuntu/+source/firefox/68.0.1+build1-0ubuntu0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQEzBAEBCgAdFiEERN//5MGgCOgyKeIFYR+97NWUbg8FAl06Dd0ACgkQYR+97NWU
bg/lgwf/R+0qNt65Zzc1VixPR94TaQdWV/7knmgQwL5KbEEfOUJlGzHtPeZzZtVq
zCddWXO/q6Oc2GYbIBg7lddjPLnk+1Hxptc791Qyjcar1ETQ9YKySbn2yDkySfHg
Gg/OvGxMcC8wmUZEUqj+yaFcw7p0fboXnz45Puc7F5v85NY9SdGd4e6+ROkuTaEI
5YrsyUVDkXwY662YG1bRbj+TdIr/UOxlwP8FIL1CuZX3mjCtqPLQx8gGOjf14iSp
qj5xAxnzbl8Aad02moVpdQsaCD7jqT820MyeDv+t14b4gJCK+yTw2zGSFLZbglS8
mViSn8gZi9JQK2piSwdSn4RrW7KDiA==
=BXEO
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2019-07-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja ili izvršavanje proizvoljnog programskog...

Close