09 Mar

Firefox vulnerabilities USN-2917-1

A security issue (Firefox vulnerabilities) affects these releases of Ubuntu (also Lubuntu) and its derivatives (versions 15.10, 14.04 LTS and 12.04 LTS), that could be made to crash or run programs as your login if it opened a malicious website.

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950)

34 vulnerabilities were discovered and fixed using 45.0+build2. But you don’t have to worry, as upgrades will come in the next hours. More information (and downloads) here.