firefox 82.0.3 was released for xenial, bionic, focal, groovy and
hirsute yesterday.
** Changed in: firefox (Ubuntu)
Status: New => Fix Released
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1903677
Title:
Mozilla Firefox / Firefox ESR Arbitrary Code Execution Vulnerability
Status in firefox package in Ubuntu:
Fix Released
Bug description:
A use-after-free error related to the MCallGetProperty opcode can be
exploited to execute arbitrary code.
The vulnerability is reported in Mozilla Firefox versions prior to
82.0.3 and in Mozilla Firefox ESR versions prior to 78.4.1.
Affected Software
The following software is affected by the described vulnerability.
Please check the vendor links below to see if exactly your version is
affected.
Mozilla Firefox 78.x
Mozilla Firefox 82.x
Update to a fixed version.
Mozilla Firefox:
Update to version 82.0.3.
Mozilla Firefox ESR:
Update to version 78.4.1.
References
1. https://www.mozilla.org/en-US/security/advisories/mfsa2020-49
<https://www.mozilla.org/en-US/security/advisories/mfsa2020-49>
Please provide a patch as soon as possible.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1903677/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
