Releases
Packages
firefox - Mozilla Open Source web browser
Details
Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others
discovered several memory corruption flaws in Firefox. If a user were
tricked into opening a specially crafted web page, a remote attacker could
cause Firefox to crash or potentially execute arbitrary code as the user
invoking the program. (CVE-2012-3982, CVE-2012-3983, CVE-2012-3988,
CVE-2012-3989)
David Bloom and Jordi Chancel discovered that Firefox did not always
properly handle the element. A remote attacker could exploit this
to conduct URL spoofing and clickjacking attacks. (CVE-2012-3984)
Collin Jackson discovered that Firefox did not properly follow the HTML5
specification for document.domain behavior. A remote attacker could exploit
this to conduct cross-site scripting (XSS) attacks via JavaScript
execution. (CVE-2012-3985)
Johnny Stenback discovered that Firefox did not properly perform security
checks on test methods for DOMWindowUtils. (CVE-2012-3986)
Alice White discovered that the security checks for GetProperty could be
bypassed when using JSAPI. If a user were tricked into opening a specially
crafted web page, a remote attacker could exploit this to execute arbitrary
code as the user invoking the program. (CVE-2012-3991)
Mariusz Mlynski discovered a history state error in Firefox. A remote
attacker could exploit this to spoof the location property to inject script
or intercept posted data. (CVE-2012-3992)
Mariusz Mlynski and others discovered several flaws in Firefox that allowed
a remote attacker to conduct cross-site scripting (XSS) attacks.
(CVE-2012-3993, CVE-2012-3994, CVE-2012-4184)
Abhishek Arya, Atte Kettunen and others discovered several memory flaws in
Firefox when using the Address Sanitizer tool. If a user were tricked into
opening a specially crafted web page, a remote attacker could cause Firefox
to crash or potentially execute arbitrary code as the user invoking the
program. (CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,
CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,
CVE-2012-4187, CVE-2012-4188)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04: firefox - 16.0+build1-0ubuntu0.12.04.1
Ubuntu 11.10: firefox - 16.0+build1-0ubuntu0.11.10.1
Ubuntu 11.04: firefox - 16.0+build1-0ubuntu0.11.04.1
Ubuntu 10.04: firefox - 16.0+build1-0ubuntu0.10.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
References
CVE-2012-3983
CVE-2012-3982
CVE-2012-3984
CVE-2012-3985
CVE-2012-3986
CVE-2012-3988
CVE-2012-3989
CVE-2012-3991
CVE-2012-3994
CVE-2012-3993
CVE-2012-4184
CVE-2012-3992
CVE-2012-3995
CVE-2012-4179
CVE-2012-4180
CVE-2012-4181
CVE-2012-4182
CVE-2012-4183
CVE-2012-4185
CVE-2012-4186
CVE-2012-4187
CVE-2012-4188
CVE-2012-3990
Related notices
USN-1611-1