USN-3991-1: Firefox vulnerabilities<\/p>\n
A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n
Firefox could be made to crash or run programs as your login if it
\nopened a malicious website.<\/p>\n
Multiple security issues were discovered in Firefox. If a user were
\ntricked in to opening a specially crafted website, an attacker could
\npotentially exploit these to cause a denial of service, spoof the browser
\nUI, trick the user in to launching local executable binaries, obtain
\nsensitive information, conduct cross-site scripting (XSS) attacks, or
\nexecute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693,
\nCVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701,
\nCVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819,
\nCVE-2019-9820, CVE-2019-9821)<\/p>\n
It was discovered that pressing certain key combinations could bypass
\naddon installation prompt delays. If a user opened a specially crafted
\nwebsite, an attacker could potentially exploit this to trick them in to
\ninstalling a malicious extension. (CVE-2019-11697)<\/p>\n
It was discovered that history data could be exposed via drag and drop
\nof hyperlinks to and from bookmarks. If a user were tricked in to dragging
\na specially crafted hyperlink to the bookmark toolbar or sidebar, and
\nsubsequently back in to the web content area, an attacker could
\npotentially exploit this to obtain sensitive information. (CVE-2019-11698)<\/p>\n
A type confusion bug was discovered with object groups and UnboxedObjects.
\nIf a user were tricked in to opening a specially crafted website after
\nenabling the UnboxedObjects feature, an attacker could potentially
\nexploit this to bypass security checks. (CVE-2019-9816)<\/p>\n
The problem can be corrected by updating your system to the following package versions:<\/p>\n
To update your system, please follow these instructions: https:\/\/wiki.ubuntu.com\/Security\/Upgrades<\/a>.<\/p>\n After a standard system update you need to restart Firefox to make Source: USN-3991-1: Firefox vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" USN-3991-1: Firefox vulnerabilities firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-31205","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/31205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=31205"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/31205\/revisions"}],"predecessor-version":[{"id":31206,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/31205\/revisions\/31206"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=31205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=31205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=31205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nall the necessary changes.<\/p>\nReferences<\/h2>\n
\n