Ubuntu: USN-3216-2: Firefox regression
Description
USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the addressbar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. (CVE-2017-5398,CVE-2017-5399,CVE-2017-5400, CVE-2017-5401,CVE-2017-5402,CVE-2017-5403,CVE-2017-5404,CVE-2017-5405, CVE-2017-5406,CVE-2017-5407,CVE-2017-5408,CVE-2017-5410,CVE-2017-5412, CVE-2017-5413,CVE-2017-5414,CVE-2017-5415,CVE-2017-5416,CVE-2017-5417, CVE-2017-5418,CVE-2017-5419,CVE-2017-5420,CVE-2017-5421,CVE-2017-5422, CVE-2017-5426,CVE-2017-5427)
Solution(s)
- ubuntu-upgrade-firefox
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center