** Changed in: firefox (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1910518
Title:
Mozilla Firefox / Firefox ESR Arbitrary Code Execution Vulnerability;
ThreatCon 5
Status in firefox package in Ubuntu:
Fix Released
Bug description:
A vulnerability has been reported in Mozilla Firefox and Mozilla
Firefox ESR, which can be exploited by malicious people to compromise
a vulnerable system.
A use-after-free error when handling a COOKIE-ECHO chunk can be exploited to
execute arbitrary code via a specially crafted SCTP packet.
The vulnerability is reported in Mozilla Firefox versions prior to
84.0.2 and in Mozilla Firefox ESR versions prior to 78.6.1.
Affected Software
The following software is affected by the described vulnerability.
Please check the vendor links below to see if exactly your version is
affected.
Mozilla Firefox 78.x
Mozilla Firefox 84.x
Solution
Update to a fixed version.
Mozilla Firefox:
Update to version 84.0.2.
Mozilla Firefox ESR:
Update to version 78.6.1.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01
Ubuntu 18 is affected: last version is 84.0.1+build1-0ubuntu0.18.04.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1910518/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
