1. Forum
  2. FidoNet
  3. SECURITY

  • Ubuntu Security Notice USN-5880-2

    From Security Bot@2:467/4.444 to All on Fri Sep 8 03:22:00 2023


    Ubuntu Security Notice USN-5880-2

    Ubuntu Security Notice 5880-2 - USN-5880-1 fixed vulnerabilities in
    Firefox. The update introduced several minor regressions. This update
    fixes the problem. Christian Holler discovered that Firefox did not
    properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploits this to obtain sensitive information. Vitor Torres discovered
    that Firefox did not properly manage permissions of extensions interaction
    via ExpandedPrincipals. An attacker could potentially exploits this issue
    to download malicious files or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly validate background script
    invoking requestFullscreen. An attacker could potentially exploit this
    issue to perform spoofing attacks. Ronald Crane discovered that Firefox
    did not properly manage memory when using EncodeInputStream in xpcom. An attacker could potentially exploits this issue to cause a denial of
    service. Samuel Grob discovered that Firefox did not properly manage
    memory when using wrappers wrapping a scripted proxy. An attacker could potentially exploits this issue to cause a denial of service. Holger
    Fuhrmannek discovered that Firefox did not properly manage memory when
    using Module load requests. An attacker could potentially exploits this
    issue to cause a denial of service. Multiple security issues were
    discovered in Firefox. If a user were tricked into opening a specially
    crafted website, an attacker could potentially exploit these to cause a
    denial of service, obtain sensitive information across domains, or execute arbitrary code.

    https://packetstormsecurity.com/files/171204/USN-5880-2.txt

    Wed, 01 Mar 2023 14:48:00 GMT
    ________________________________
    --- The information is for inforamtional purposes only.
    * Origin: Read us with http://winpoint.org JID: rs@captflint.com (2:467/4.444)