USN-1608-1: Firefox vulnerabilities

11 October 2012

Several security issues were fixed in Firefox.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • firefox - Mozilla Open Source web browser

Details

It was discovered that the browser engine used in Firefox contained a
memory corruption flaw. If a user were tricked into opening a specially
crafted web page, a remote attacker could cause Firefox to crash or
potentially execute arbitrary code as the user invoking the program.
(CVE-2012-4191)

It was discovered that Firefox allowed improper access to the Location
object. An attacker could exploit this to obtain sensitive information.
(CVE-2012-4192)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04

After a standard system update you need to restart Firefox to make
all the necessary changes.

Related notices