Articles / Ubuntu: Security update for...

Ubuntu: Security update for Firefox

It was discovered that the browser engine used in Firefox contained a memory corruption flaw. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. It was discovered that Firefox allowed improper access to the Location object. An attacker could exploit this to obtain sensitive information.

Updated packages are available from security.ubuntu.com.

==========================================================================
Ubuntu Security Notice USN-1608-1
October 11, 2012

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

It was discovered that the browser engine used in Firefox contained a
memory corruption flaw. If a user were tricked into opening a specially
crafted web page, a remote attacker could cause Firefox to crash or
potentially execute arbitrary code as the user invoking the program.
(CVE-2012-4191)

It was discovered that Firefox allowed improper access to the Location
object. An attacker could exploit this to obtain sensitive information.
(CVE-2012-4192)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
 firefox                         16.0.1+build1-0ubuntu0.12.04.1

Ubuntu 11.10:
 firefox                         16.0.1+build1-0ubuntu0.11.10.1

Ubuntu 11.04:
 firefox                         16.0.1+build1-0ubuntu0.11.04.1

Ubuntu 10.04 LTS:
 firefox                         16.0.1+build1-0ubuntu0.10.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
 http://www.ubuntu.com/usn/usn-1608-1
 CVE-2012-4191, CVE-2012-4192, https://launchpad.net/bugs/1065285

Package Information:
 https://launchpad.net/ubuntu/+source/firefox/16.0.1+build1-0ubuntu0.12.04.1
 https://launchpad.net/ubuntu/+source/firefox/16.0.1+build1-0ubuntu0.11.10.1
 https://launchpad.net/ubuntu/+source/firefox/16.0.1+build1-0ubuntu0.11.04.1
 https://launchpad.net/ubuntu/+source/firefox/16.0.1+build1-0ubuntu0.10.04.1
Screenshot

Project Spotlight

procenv

A command-line utility that simply dumps all attributes of its environment.

Screenshot

Project Spotlight

Goggles Music Manager

A music collection manager and player.