USN-4353-1: Firefox vulnerabilities<\/p>\n
A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n
Firefox could be made to crash or run programs as your login if it
\nopened a malicious website.<\/p>\n
Multiple security issues were discovered in Firefox. If a user were
\ntricked in to opening a specially crafted website, an attacker could
\npotentially exploit these to cause a denial of service, bypass security
\nrestrictions, spoof the URL bar, or execute arbitrary code.
\n(CVE-2020-6831, CVE-2020-12387, CVE-2020-12390, CVE-2020-12391,
\nCVE-2020-12394, CVE-2020-12395, CVE-2020-12396)<\/p>\n
It was discovered that the Devtools\u2019 \u2018Copy as cURL\u2019 feature did not
\nproperly HTTP POST data of a request. If a user were tricked in to using
\nthe \u2018Copy as cURL\u2019 feature to copy and paste a command with specially
\ncrafted data in to a terminal, an attacker could potentially exploit this
\nto obtain sensitive information from local files.
\n(CVE-2020-12392)<\/p>\n
The problem can be corrected by updating your system to the following package versions:<\/p>\n
To update your system, please follow these instructions: https:\/\/wiki.ubuntu.com\/Security\/Upgrades<\/a>.<\/p>\n After a standard system update you need to restart Firefox to make Source: USN-4353-1: Firefox vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" USN-4353-1: Firefox vulnerabilities firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12390, CVE-2020-12391, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396) It was discovered that the Devtools\u2019 \u2018Copy as cURL\u2019 feature did not properly HTTP POST data of a request. If a user were tricked in to using the \u2018Copy as cURL\u2019 feature to copy and [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-36691","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/36691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=36691"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/36691\/revisions"}],"predecessor-version":[{"id":36692,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/36691\/revisions\/36692"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=36691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=36691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=36691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nall the necessary changes.<\/p>\nReferences<\/h2>\n
\n