USN-3516-1: Firefox vulnerabilities
USN-3516-1: Firefox vulnerabilities Ubuntu Security Notice USN-3516-1 5th January, 2018 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to expose sensitive information. Software description firefox – Mozilla Open Source web browser Details It was discovered that speculative execution performed by modern CPUscould leak information through a timing side-channel attack, and thatthis could be exploited in web browser JavaScript engines. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit this to obtain sensitive information from otherdomains, bypassing same-origin restrictions. (CVE-2017-5715,CVE-2017-5753, CVE-2017-5754). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: firefox 57.0.4+build1-0ubuntu0.17.10.1 Ubuntu 17.04: firefox 57.0.4+build1-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: firefox 57.0.4+build1-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: firefox 57.0.4+build1-0ubuntu0.14.04.1 [ more… ]