[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[USN-1608-1] Firefox vulnerabilities

Ubuntu Security Notice USN-1608-1
October 11, 2012

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS


Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser


It was discovered that the browser engine used in Firefox contained a
memory corruption flaw. If a user were tricked into opening a specially
crafted web page, a remote attacker could cause Firefox to crash or
potentially execute arbitrary code as the user invoking the program.

It was discovered that Firefox allowed improper access to the Location
object. An attacker could exploit this to obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  firefox                         16.0.1+build1-0ubuntu0.12.04.1

Ubuntu 11.10:
  firefox                         16.0.1+build1-0ubuntu0.11.10.1

Ubuntu 11.04:
  firefox                         16.0.1+build1-0ubuntu0.11.04.1

Ubuntu 10.04 LTS:
  firefox                         16.0.1+build1-0ubuntu0.10.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

  CVE-2012-4191, CVE-2012-4192, https://launchpad.net/bugs/1065285

Package Information:

Attachment: signature.asc
Description: OpenPGP digital signature

ubuntu-security-announce mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce