USN-3076-1: Firefox vulnerabilities Ubuntu Security Notice USN-3076-1 22nd September, 2016 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Atte Kettunen discovered an out-of-bounds read when handling certainContent Security Policy (CSP) directives in some circumstances. If a userwere tricked in to opening a specially crafted website, an attacker couldpotentially exploit this to cause a denial of service via applicationcrash. (CVE-2016-2827) Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas,Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, JonCoppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiplememory safety issues in Firefox. If a user were tricked [ more… ]