Ubuntu update for firefox



Published: 2021-04-26
Risk High
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2021-23994
CVE-2021-23995
CVE-2021-23996
CVE-2021-23997
CVE-2021-23998
CVE-2021-23999
CVE-2021-24000
CVE-2021-24001
CVE-2021-24002
CVE-2021-29945
CVE-2021-29946
CVE-2021-29947
CWE-ID CWE-787
CWE-416
CWE-264
CWE-277
CWE-362
CWE-20
CWE-682
CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Ubuntu
Operating systems & Components / Operating system

firefox (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU52333

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23994

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the WebGL framebuffer. A remote attacker can create a specially crafted web page, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-fater-free

EUVDB-ID: #VU52334

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23995

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input, when Responsive Design Mode is enabled. A remote attacker can create a specially crafted web page, trick the victim into opening it using the affected software, trigger a use-after-fee error and execute arbitrary code on the target system.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU52335

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23996

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to application allows content rendering outside of the webpage's viewport. A remote attacker can utilize 3D CSS in conjunction with JavaScript to spoof contents of a web page.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU52336

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23997

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error caused by unexpected data type conversions when freeing fonts from cache. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Insecure Inherited Permissions

EUVDB-ID: #VU52337

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23998

CWE-ID: CWE-277 - Insecure inherited permissions

Exploit availability: No

Description

the vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the way HTTP pages inherit a secure lock icon, when navigating from an HTTP page. A remote attacker can create a specially crafted webpage that through a series of complicated navigation will force the browser to display a secure lock icon on an unencrypted HTTP page.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Insecure Inherited Permissions

EUVDB-ID: #VU52338

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23999

CWE-ID: CWE-277 - Insecure inherited permissions

Exploit availability: No

Description

the vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the way Firefox handles Blob URLs. If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Race condition

EUVDB-ID: #VU52339

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-24000

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform clickjacking attack.

The vulnerability exists due to a race condition within requestPointerLock() and setTimeout() methods in conjunctions with certain elements, such as <input type="file">. A remote attacker can create a specially crafted web page that will result in a situation where a user interacting with one tab when they believed they were on a separate tab and gain access to sensitive information.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Security restrictions bypass

EUVDB-ID: #VU52340

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-24001

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions to testing infrastructure. A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU52341

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-24002

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input when processing newline characters in an FTP URL (such as %0A and %0D). A remote attacker can trick the victim to click on a specially crafted URL and execute arbitrary FTP commands on a remote server, given that victim has access to the FTP server.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Incorrect calculation

EUVDB-ID: #VU52342

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-29945

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to the WebAssembly JIT miscalculates the size of a return type, which leads to a null read. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.

Note, the vulnerability affects 32-bit platforms only.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU52346

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-29946

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input. Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU52345

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-29947

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing web content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package firefox to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 21.04

firefox (Ubuntu package): before 88.0+build2-0ubuntu0.21.04.1

External links

http://ubuntu.com/security/notices/USN-4926-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###