Ubuntu update for firefox
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 16 |
| CVE-ID | CVE-2023-6865 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859 CVE-2023-6866 CVE-2023-6867 CVE-2023-6861 CVE-2023-6869 CVE-2023-6871 CVE-2023-6872 CVE-2023-6863 CVE-2023-6864 CVE-2023-6873 CVE-2023-6856 CVE-2023-6135 CVE-2023-6860 |
| CWE-ID | CWE-457 CWE-124 CWE-122 CWE-416 CWE-755 CWE-450 CWE-357 CWE-532 CWE-758 CWE-119 CWE-203 CWE-254 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system firefox (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) Use of Uninitialized Variable
EUVDB-ID: #VU84558
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6865
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to access to uninitialized data in EncryptingOutputStream. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and write data to a local disk, which may have implications for private browsing mode.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer Underwrite ('Buffer Underflow')
EUVDB-ID: #VU84559
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6857
CWE-ID:
CWE-124 - Buffer Underwrite ('Buffer Underflow')
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an error when handling symbolic links. A local user can trigger a race when the browser resolves a symbolic link, where the buffer passed to readlink may actually be smaller than necessary. A local user can gain access to potentially sensitive information.
The vulnerability affects Unix based operating systems only (e.g. Android, Linux, MacOS).
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU84560
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6858
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in nsTextFragment when handling out-of-memory situations. A remote attacker can trick the victim to visit a specially crafted website, trigger a heap overflow and crash the browser.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU84561
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6859
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in PR_GetIdentitiesLayer when creating the TLS socket. A remote attacker can trick the victim to visit a specially crafted website and crash the browser.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper handling of exceptional conditions
EUVDB-ID: #VU84569
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6866
CWE-ID:
CWE-755 - Improper Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of errors in TypedArrays. A remote attacker can trick the victim to open a specially crafted website and perform a denial of service (DoS) attack.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Multiple Interpretations of UI Input
EUVDB-ID: #VU84563
Risk: Medium
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6867
CWE-ID:
CWE-450 - Multiple Interpretations of UI Input
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform clickjacking attack.
The vulnerability exists due to a timing issue when the user clicks on a button. The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. A remote attacker can perform clickjacking attack.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Heap-based buffer overflow
EUVDB-ID: #VU84564
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6861
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the nsWindow::PickerOpen(void) method when the browser is running in headless mode. A remote attacker can trick the victim to visit a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Multiple Interpretations of UI Input
EUVDB-ID: #VU84571
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6869
CWE-ID:
CWE-450 - Multiple Interpretations of UI Input
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error when displaying browser content. A <dialog> element can be manipulated to paint content outside of a sandboxed iframe, which could allow untrusted content to display under the guise of trusted content.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Insufficient UI Warning of Dangerous Operations
EUVDB-ID: #VU84573
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6871
CWE-ID:
CWE-357 - Insufficient UI Warning of Dangerous Operations
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to lack of protocol handler warning when navigating to a new protocol handler. A remote attacker can perform spoofing attack.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Inclusion of Sensitive Information in Log Files
EUVDB-ID: #VU84574
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6872
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to Browser tab titles are leaked by GNOME to system logs. A local user can read the log files and gain access to sensitive data.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Reliance on undefined behavior
EUVDB-ID: #VU84566
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6863
CWE-ID:
CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to reliance on undefined behavior in ShutdownObserver(). A remote attacker can crash the browser.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU84567
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6864
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU84575
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6873
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Heap-based buffer overflow
EUVDB-ID: #VU84557
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6856
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the WebGL DrawElementsInstanced method when used on systems with the Mesa VM driver. A remote attacker can trick the victim to visit a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Observable discrepancy
EUVDB-ID: #VU84568
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6135
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a side-channel attack in multiple NSS NIST curves, known as "Minerva". A remote attacker can recover the private key and decrypt data passed between server and client.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Security features bypass
EUVDB-ID: #VU84562
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6860
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to VideoBridge lack of texture validation. A remote attacker can trick the victim to open a specially crafted website, escape the sandbox and gain access to sensitive information.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 20.04
firefox (Ubuntu package): before 121.0+build1-0ubuntu0.20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6562-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
