Packages: firefox - Mozilla Open Source web browser
Details
Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel,
Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph
Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-2815, CVE-2016-2818)
A buffer overflow was discovered when parsing HTML5 fragments in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-2819)
A use-after-free was discovered in contenteditable mode in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-2821)
Jordi Chancel discovered a way to use a persistent menu within a select
element and place this in an arbitrary location, including over the
addressbar. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to spoof the addressbar
contents. (CVE-2016-2822)
Armin Razmdjou discovered that the location.host property can be set to an
arbitrary string after creating an invalid data: URI. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit this to bypass some same-origin protections. (CVE-2016-2825)
A use-after-free was discovered when processing WebGL content in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-2828)
Tim McCormack discovered that the permissions notification can show the
wrong icon when a page requests several permissions in quick succession.
An attacker could potentially exploit this by tricking the user in to
giving consent for access to the wrong resource. (CVE-2016-2829)
It was discovered that a pointerlock can be created in a fullscreen
window without user consent in some circumstances, and this pointerlock
cannot be cancelled without quitting Firefox. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service or conduct clickjacking attacks.
(CVE-2016-2831)
John Schoenick discovered that CSS pseudo-classes can leak information
about plugins that are installed but disabled. An attacker could
potentially exploit this to fingerprint users. (CVE-2016-2832)
Matt Wobensmith discovered that Content Security Policy (CSP) does not
block the loading of cross-domain Java applets when specified by policy.
An attacker could potentially exploit this to bypass CSP protections and
conduct cross-site scripting (XSS) attacks. (CVE-2016-2833)
In addition, multiple unspecified security issues were discovered in NSS.
(CVE-2016-2834)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04: firefox 47.0+build3-0ubuntu0.16.04.1
Ubuntu 15.10: firefox 47.0+build3-0ubuntu0.15.10.1
Ubuntu 14.04: firefox 47.0+build3-0ubuntu0.14.04.1
Ubuntu 12.04: firefox 47.0+build3-0ubuntu0.12.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes: a Firefox process that was already running keeps
executing the old, vulnerable code until it is relaunched.
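To confirm a host is actually covered, compare the installed firefox package version against the fixed version for its Ubuntu release and look for Firefox processes still running the pre-update binary. The script below is an example added to this notice, not Canonical's tooling; it ports dpkg's version-comparison algorithm (epoch, upstream and revision, with `~` sorting before the end of string and letters before other characters) so the check does not depend on dpkg being present, embeds the fixed-version table from this notice, and assumes `/etc/os-release`, `dpkg-query` and `/proc` are available only in the live-check block at the bottom.

```python
"""Check the installed firefox package against the fixed versions in this
notice.  Example added for this notice; not Canonical's code."""
import os
import re
import subprocess

# Fixed versions, copied from the notice above (Ubuntu release -> version).
FIXED_VERSIONS = {
    "16.04": "47.0+build3-0ubuntu0.16.04.1",
    "15.10": "47.0+build3-0ubuntu0.15.10.1",
    "14.04": "47.0+build3-0ubuntu0.14.04.1",
    "12.04": "47.0+build3-0ubuntu0.12.04.1",
}


def _order(c: str) -> int:
    """Character weight used by dpkg: '~' sorts before the end of the string,
    letters before everything else; digits and end-of-string weigh 0."""
    if c == "" or c.isdigit():
        return 0
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a: str, b: str) -> int:
    """Port of dpkg's verrevcmp(): alternate non-digit runs (compared with
    _order) and digit runs (compared numerically, leading zeros ignored)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if i < len(a) and a[i].isdigit():
            return 1          # a has more digits in this run, so it is larger
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str):
    """[epoch:]upstream[-revision] -> (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return <0, 0 or >0, matching `dpkg --compare-versions a lt/eq/gt b`."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def firefox_is_fixed(installed: str, release: str) -> bool:
    """True if `installed` is at least the fixed version for `release`.
    Raises KeyError for releases this notice does not cover."""
    return compare_versions(installed, FIXED_VERSIONS[release]) >= 0


def stale_firefox_pids() -> list:
    """PIDs still executing a firefox binary that was replaced on disk:
    /proc/<pid>/exe then reads '... (deleted)'.  Those need a restart."""
    pids = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            target = os.readlink(f"/proc/{pid}/exe")
        except OSError:           # no permission, or the process exited
            continue
        if "firefox" in target and target.endswith(" (deleted)"):
            pids.append(int(pid))
    return pids


if __name__ == "__main__":
    # Live check: release from /etc/os-release, version from dpkg-query.
    with open("/etc/os-release") as f:
        release = re.search(r'^VERSION_ID="?([\d.]+)', f.read(), re.M).group(1)
    installed = subprocess.run(
        ["dpkg-query", "-W", "-f=${Version}", "firefox"],
        capture_output=True, text=True, check=True).stdout.strip()
    state = "fixed" if firefox_is_fixed(installed, release) else "VULNERABLE"
    print(f"firefox {installed} on Ubuntu {release}: {state}")
    stale = stale_firefox_pids()
    if stale:
        print(f"restart needed, Firefox still running old binary: {stale}")
```

On a host where dpkg is available the same version test is a one-liner, `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' firefox)" ge 47.0+build3-0ubuntu0.16.04.1`; the Python port is useful when auditing package lists collected from many hosts on a machine that is not Debian-based. The `(deleted)` marker on `/proc/<pid>/exe` is what distinguishes a Firefox that was merely updated from one that was updated and relaunched.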
References
CVE-2016-2815
CVE-2016-2818
CVE-2016-2819
CVE-2016-2821
CVE-2016-2822
CVE-2016-2825
CVE-2016-2828
CVE-2016-2829
CVE-2016-2831
CVE-2016-2832
CVE-2016-2833
CVE-2016-2834
Related notices
USN-3023-1
USN-3029-1