Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Ubuntu 20.04 LTS: USN-6367-1 Critical: Firefox WebP Denial of Service

Calendar Sep 14, 2023 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service Ubuntu firefox malicious image
Firefox could be made to crash or run programs if it opened a malicious website. 
==========================================================================
Ubuntu Security Notice USN-6367-1
September 14, 2023

firefox vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Firefox could be made to crash or run programs if it opened a malicious
website.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

It was discovered that Firefox did not properly manage memory when handling
WebP images. If a user were tricked into opening a webpage containing
malicious WebP image file, an attacker could potentially exploit these to
cause a denial of service or execute arbitrary code. (CVE-2023-4863)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  firefox                         117.0.1+build2-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6367-1
  CVE-2023-4863

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/117.0.1+build2-0ubuntu0.20.04.1

Ubuntu 20.04 LTS: USN-6367-1 Critical: Firefox WebP Denial of Service

ubuntu
Calendar Grey September 14, 2023
Dist Ubuntu Esm H88
Harmful SVG files in Chrome may leverage flaws, resulting in system failures or unauthorized commands on Fedora 36.
Firefox could be made to crash or run programs if it opened a malicious website.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Firefox could be made to crash or run programs if it opened a malicious website. Software Description: - firefox: Mozilla Open Source web browser Details: It was discovered that Firefox did not properly manage memory when handling WebP images. If a user were tricked into opening a webpage containing malicious WebP image file, an attacker could potentially exploit these to cause a denial of service or execute arbitrary code. (CVE-2023-4863)

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu firefox malicious image

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: firefox 117.0.1+build2-0ubuntu0.20.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6367-1

CVE-2023-4863

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6367-1

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu firefox malicious image

Package Information

https://launchpad.net/ubuntu/+source/firefox/117.0.1+build2-0ubuntu0.20.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here