From: Evan Caville <evan.caville@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <83b949b2-a095-4507-903a-93e73d61b9f5@canonical.com>
Subject: [USN-7191-1] Firefox vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7191-1
January 09, 2025

firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2025-0237, CVE-2025-0239, CVE-2025-0240, CVE-2025-0242, CVE-2025-0243, CVE-2025-0247)
Irvan Kurniawan discovered that Firefox incorrectly handled memory when breaking lines in text, leading to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2025-0238)
Nils Bars discovered that Firefox incorrectly handled memory when using JavaScript Text Segmentation. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-0241)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS
  firefox 134.0+build1-0ubuntu0.20.04.1
After a standard system update you need to restart Firefox to make all the necessary changes.
References:
  https://ubuntu.com/security/notices/USN-7191-1
  CVE-2025-0237, CVE-2025-0238, CVE-2025-0239, CVE-2025-0240,
  CVE-2025-0241, CVE-2025-0242, CVE-2025-0243, CVE-2025-0247

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/134.0+build1-0ubuntu0.20.04.1