Packages
- firefox - Mozilla Open Source web browser
Details
Multiple security issues were discovered in Firefox. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service, spoof the contents of the
addressbar, bypass security restrictions, cross-site tracing or execute
arbitrary code. (CVE-2022-45403, CVE-2022-45404, CVE-2022-45405,
CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410,
CVE-2022-45411, CVE-2022-45413, CVE-2022-40674, CVE-2022-45418,
Multiple security issues were discovered in Firefox. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service, spoof the contents of the
addressbar, bypass security restrictions, cross-site tracing or execute
arbitrary code. (CVE-2022-45403, CVE-2022-45404, CVE-2022-45405,
CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410,
CVE-2022-45411, CVE-2022-45413, CVE-2022-40674, CVE-2022-45418, CVE-2022-45419,
CVE-2022-45420, CVE-2022-45421)
Armin Ebert discovered that Firefox did not properly manage while resolving
file symlink. If a user were tricked into opening a specially crafted weblink,
an attacker could potentially exploit these to cause a denial of service.
(CVE-2022-45412)
Jefferson Scher and Jayateertha Guruprasad discovered that Firefox did not
properly sanitize the HTML download file extension under certain circumstances.
If a user were tricked into downloading and executing malicious content, a
remote attacker could execute arbitrary code with the privileges of the user
invoking the programs. (CVE-2022-45415)
Erik Kraft, Martin Schwarzl, and Andrew McCreight discovered that Firefox
incorrectly handled keyboard events. An attacker could possibly use this
issue to perform a timing side-channel attack and possibly figure out which
keys are being pressed. (CVE-2022-45416)
Kagami discovered that Firefox did not detect Private Browsing Mode correctly.
An attacker could possibly use this issue to obtain sensitive information about
Private Browsing Mode.
(CVE-2022-45417)
Update instructions
After a standard system update you need to restart Firefox to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 20.04 focal | firefox – 107.0+build2-0ubuntu0.20.04.1 | ||
| 18.04 bionic | firefox – 107.0+build2-0ubuntu0.18.04.1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
- CVE-2022-45421
- CVE-2022-45420
- CVE-2022-45419
- CVE-2022-45418
- CVE-2022-45417
- CVE-2022-45416
- CVE-2022-45415
- CVE-2022-45413
- CVE-2022-45412
- CVE-2022-45411
- CVE-2022-45421
- CVE-2022-45420
- CVE-2022-45419
- CVE-2022-45418
- CVE-2022-45417
- CVE-2022-45416
- CVE-2022-45415
- CVE-2022-45413
- CVE-2022-45412
- CVE-2022-45411
- CVE-2022-45410
- CVE-2022-45409
- CVE-2022-45408
- CVE-2022-45407
- CVE-2022-45406
- CVE-2022-45405
- CVE-2022-45404
- CVE-2022-45403
- CVE-2022-40674