USN-3140-1: Firefox vulnerabilities
30 November 2016
Firefox could be made to crash or run programs as your login if it opened a malicious website.
- firefox - Mozilla Open Source web browser
It was discovered that data: URLs can inherit the wrong origin after a
HTTP redirect in some circumstances. An attacker could potentially
exploit this to bypass same-origin restrictions. (CVE-2016-9078)
A use-after-free was discovered in SVG animations. If a user were tricked
in to opening a specially crafted website, an attacker could exploit this
to cause a denial of service via application crash, or execute arbitrary
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart Firefox to make
all the necessary changes.
- USN-3141-1: thunderbird