** Information type changed from Private Security to Public Security

** Changed in: firefox (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1916712

Title:
  Mozilla Firefox Multiple Vulnerabilities

Status in firefox package in Ubuntu:
  Fix Released

Bug description:
  CVE Numbers

  CVE-2021-23969 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969>,
  CVE-2021-23968 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968>,
  CVE-2021-23978 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978>,
  CVE-2021-23974 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23974>,
  CVE-2021-23971 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23971>,
  CVE-2021-23979 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23979>

  Multiple vulnerabilities have been reported in Mozilla Firefox, which
  can be exploited by malicious people to conduct cross-site scripting
  attacks, disclose sensitive information, and compromise a vulnerable
  system.

  1. Some errors related to memory safety can be exploited to corrupt
     memory.

  2. Some further errors related to memory safety can be exploited to
     corrupt memory.

  3. An error when handling redirects when submitting a Content Security
     Policy violation report can be exploited to disclose the URL of a
     redirect.

  4. An error when blocking frame navigation when submitting a Content
     Security Policy violation report can be exploited to disclose the URL
     of a redirect.

  5. An error when handling noscript elements can be exploited to bypass
     HTML Sanitizers and subsequently conduct cross-site scripting attacks.

  6. An error when processing redirects with a conflicting Referrer-Policy
     can be exploited to disclose the URL to the destination of the
     redirect.

  The vulnerabilities are reported in versions prior to 86.

  
  Affected Software

  The following software is affected by the described vulnerability.
  Please check the vendor links below to see if exactly your version is
  affected.

  Mozilla Firefox 85.x

  
  Solution

  Upgrade to version 86.

  
  Please take appropriate measures.
