Rapid7 Vulnerability & Exploit Database

Ubuntu: USN-3216-2: Firefox regression

Back to Search

Ubuntu: USN-3216-2: Firefox regression

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
03/30/2017
Created
07/25/2018
Added
04/05/2017
Modified
07/09/2020

Description

USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the addressbar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. (CVE-2017-5398,CVE-2017-5399,CVE-2017-5400, CVE-2017-5401,CVE-2017-5402,CVE-2017-5403,CVE-2017-5404,CVE-2017-5405, CVE-2017-5406,CVE-2017-5407,CVE-2017-5408,CVE-2017-5410,CVE-2017-5412, CVE-2017-5413,CVE-2017-5414,CVE-2017-5415,CVE-2017-5416,CVE-2017-5417, CVE-2017-5418,CVE-2017-5419,CVE-2017-5420,CVE-2017-5421,CVE-2017-5422, CVE-2017-5426,CVE-2017-5427)

Solution(s)

  • ubuntu-upgrade-firefox

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;