USN-7065-1: Firefox vulnerability
14 October 2024
Firefox could be made to run programs as your login if it opened a malicious website.
Releases
Packages
- firefox - Mozilla Open Source web browser
Details
Damien Schaeffer discovered that Firefox did not properly manage memory in
the content process when handling Animation timelines, leading to a use
after free vulnerability. An attacker could possibly use this issue to
achieve remote code execution.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
After a standard system update you need to restart Firefox to make all the
necessary changes.