USN-3260-1: Firefox vulnerabilities
First published: Fri Apr 21 2017(Updated: )
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469) A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/firefox | <53.0+build6-0ubuntu0.17.04.1 | 53.0+build6-0ubuntu0.17.04.1 |
| =17.04 | ||
| All of | ||
| ubuntu/firefox | <53.0+build6-0ubuntu0.16.10.1 | 53.0+build6-0ubuntu0.16.10.1 |
| =16.10 | ||
| All of | ||
| ubuntu/firefox | <53.0+build6-0ubuntu0.16.04.1 | 53.0+build6-0ubuntu0.16.04.1 |
| =16.04 | ||
| All of | ||
| ubuntu/firefox | <53.0+build6-0ubuntu0.14.04.1 | 53.0+build6-0ubuntu0.14.04.1 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2017-5429
- https://ubuntu.com/security/CVE-2017-5430
- https://ubuntu.com/security/CVE-2017-5432
- https://ubuntu.com/security/CVE-2017-5433
- https://ubuntu.com/security/CVE-2017-5434
- https://ubuntu.com/security/CVE-2017-5435
- https://ubuntu.com/security/CVE-2017-5436
- https://ubuntu.com/security/CVE-2017-5437
- https://ubuntu.com/security/CVE-2017-5438
- https://ubuntu.com/security/CVE-2017-5439
- https://ubuntu.com/security/CVE-2017-5440
- https://ubuntu.com/security/CVE-2017-5441
- https://ubuntu.com/security/CVE-2017-5442
- https://ubuntu.com/security/CVE-2017-5443
- https://ubuntu.com/security/CVE-2017-5444
- https://ubuntu.com/security/CVE-2017-5445
- https://ubuntu.com/security/CVE-2017-5446
- https://ubuntu.com/security/CVE-2017-5447
- https://ubuntu.com/security/CVE-2017-5448
- https://ubuntu.com/security/CVE-2017-5449
- https://ubuntu.com/security/CVE-2017-5451
- https://ubuntu.com/security/CVE-2017-5453
- https://ubuntu.com/security/CVE-2017-5454
- https://ubuntu.com/security/CVE-2017-5455
- https://ubuntu.com/security/CVE-2017-5456
- https://ubuntu.com/security/CVE-2017-5458
- https://ubuntu.com/security/CVE-2017-5459
- https://ubuntu.com/security/CVE-2017-5460
- https://ubuntu.com/security/CVE-2017-5461
- https://ubuntu.com/security/CVE-2017-5462
- https://ubuntu.com/security/CVE-2017-5464
- https://ubuntu.com/security/CVE-2017-5465
- https://ubuntu.com/security/CVE-2017-5466
- https://ubuntu.com/security/CVE-2017-5467
- https://ubuntu.com/security/CVE-2017-5468
- https://ubuntu.com/security/CVE-2017-5469
- https://ubuntu.com/security/notices/USN-3278-1
- https://ubuntu.com/security/notices/USN-3372-1
- https://ubuntu.com/security/notices/USN-3270-1
- https://launchpad.net/ubuntu/+source/firefox/53.0+build6-0ubuntu0.17.04.1
- https://launchpad.net/ubuntu/+source/firefox/53.0+build6-0ubuntu0.16.10.1
- https://launchpad.net/ubuntu/+source/firefox/53.0+build6-0ubuntu0.16.04.1
- https://launchpad.net/ubuntu/+source/firefox/53.0+build6-0ubuntu0.14.04.1
- https://ubuntu.com/security/notices/USN-3260-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
- CVE-2017-5429
- CVE-2017-5430
- CVE-2017-5432
- CVE-2017-5433
- CVE-2017-5434
- CVE-2017-5435
- CVE-2017-5436
- CVE-2017-5437
- CVE-2017-5438
- CVE-2017-5439
- CVE-2017-5440
- CVE-2017-5441
- CVE-2017-5442
- CVE-2017-5443
- CVE-2017-5444
- CVE-2017-5445
- CVE-2017-5446
- CVE-2017-5447
- CVE-2017-5448
- CVE-2017-5449
- CVE-2017-5451
- CVE-2017-5453
- CVE-2017-5454
- CVE-2017-5455
- CVE-2017-5456
- CVE-2017-5458
- CVE-2017-5459
- CVE-2017-5460
- CVE-2017-5461
- CVE-2017-5462
- CVE-2017-5464
- CVE-2017-5465
- CVE-2017-5466
- CVE-2017-5467
- CVE-2017-5468
- CVE-2017-5469
- agent/references
- agent/severity
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/usn
- source/Ubuntu
- anchor-related/USN-3278-1
- anchor-related/USN-3372-1
- anchor-related/USN-3270-1
- agent/software-canonical-lookup
- agent/title
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/17.04
- version/ubuntu ubuntu/16.10
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04