drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Firefox
Name: |
Zwei Probleme in Firefox |
|
ID: |
USN-6710-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 20.04 LTS |
|
Datum: |
Mo, 25. März 2024, 07:05 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29943 |
|
Applikationen: |
Mozilla Firefox |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0969507920643110201== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------Pu29Iq0T031Qsr8Vhh6yqToG"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------Pu29Iq0T031Qsr8Vhh6yqToG Content-Type: multipart/mixed; boundary="------------ryz0w39kOaPM0I6bX4rclWsQ"; protected-headers="v1" From: Evan Caville <evan.caville@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <4140b9af-4f1c-4e6c-b942-cc82499e4436@canonical.com> Subject: [USN-6710-1] Firefox vulnerabilities
--------------ryz0w39kOaPM0I6bX4rclWsQ Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-6710-1 March 25, 2024
firefox vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description: - firefox: Mozilla Open Source web browser
Details:
Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. (CVE-2024-29943)
Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code. (CVE-2024-29944)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: firefox 124.0.1+build1-0ubuntu0.20.04.1
After a standard system update you need to restart Firefox to make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6710-1 CVE-2024-29943, CVE-2024-29944
Package Information: https://launchpad.net/ubuntu/+source/firefox/124.0.1+build1-0ubuntu0.20.04.1
--------------ryz0w39kOaPM0I6bX4rclWsQ--
--------------Pu29Iq0T031Qsr8Vhh6yqToG Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEAPYWTpwtIbr7xH4OWNrRIKaTkWcFAmYBBYAFAwAAAAAACgkQWNrRIKaTkWet 2g//Q/iD2gqYSkcci/rDuBHNNoDx9RndtHQticMwIniGVQmWDmtUirhN6dbOM5L8ud17hh2obzKS dFeuL5HTvoEWNV+dsam5GpX4qelEYQKxP8BtVNHSHGMVPrp0nse9XiK4qLMaa5kVrNcZ8eRdrY5a VaP1eMvKfExFmZOexK4WXmd0viN/TSqsmpRd1dJWA/0FFVZK4g1OTg6bA2HOXD+mbbExyYj3ZRmv nhoKU4cheeaJQjwp1ESxyBF3PogB1vMI9jVgwo1j7v4ANfcXxuhJULxB8dW5MIjpVk4flc8tC9/d A3ZGrNaNakCsXfvDAPfoX+G9fl/5a1VbDD5PjvSezyTD4AuvhMCqr68FI2ThC8DaKFzhvTb/4G6d OZ4lZyIhDYNva7bCZw+Mx5JB3Vqy8djrDEklcdCat2+anVaZqydrwf/zak9XVC6egIeMcdyHANvK NLC/9+YBqwFdjAXniFh02+DitFmo1poGmF9Px4mZ7mx24GGvj7ApvtYWvz1JbrfNMZHiFB10IasP gnRdKyYIMd8KWPMxMnB7TLB3NKKpBI9afSC5dfTrzFcfIYLOeT5XOZrBR+8JN/VCVfkk8J9qhkwU A9f8ZFm34zbQAclGGR8JTG151z5MT3FaQZzlmaUCdvM6qDw8tJJ82FQQxKkKDC4CWIwsz+2Psy+1 j9o= =IX8w -----END PGP SIGNATURE-----
--------------Pu29Iq0T031Qsr8Vhh6yqToG--
--===============0969507920643110201== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============0969507920643110201==--
|
|
|
|