firefox 82.0.3 was released for xenial, bionic, focal, groovy and hirsute yesterday.
** Changed in: firefox (Ubuntu) Status: New => Fix Released ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1903677 Title: Mozilla Firefox / Firefox ESR Arbitrary Code Execution Vulnerability Status in firefox package in Ubuntu: Fix Released Bug description: A use-after-free error related to the MCallGetProperty opcode can be exploited to execute arbitrary code. The vulnerability is reported in Mozilla Firefox versions prior to 82.0.3 and in Mozilla Firefox ESR versions prior to 78.4.1. Affected Software The following software is affected by the described vulnerability. Please check the vendor links below to see if exactly your version is affected. Mozilla Firefox 78.x Mozilla Firefox 82.x Update to a fixed version. Mozilla Firefox: Update to version 82.0.3. Mozilla Firefox ESR: Update to version 78.4.1. References 1. https://www.mozilla.org/en-US/security/advisories/mfsa2020-49 <https://www.mozilla.org/en-US/security/advisories/mfsa2020-49> Please provide a patch as soon as possible. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1903677/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp