[USN-6779-1] Firefox vulnerabilities

[Nishit Majithia]

==========================================================================
Ubuntu Security Notice USN-6779-1
May 21, 2024

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-4767,
CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773,
CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778)

Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory
when audio input connected with multiple consumers. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-4764)

Thomas Rinsma discovered that Firefox did not properly handle type check
when handling fonts in PDF.js. An attacker could potentially exploit this
issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367)

Irvan Kurniawan discovered that Firefox did not properly handle certain
font styles when saving a page to PDF. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2024-4770)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  firefox                         126.0+build2-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6779-1
  CVE-2024-4367, CVE-2024-4764, CVE-2024-4767, CVE-2024-4768,
  CVE-2024-4769, CVE-2024-4770, CVE-2024-4771, CVE-2024-4772,
  CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776,
  CVE-2024-4777, CVE-2024-4778

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/126.0+build2-0ubuntu0.20.04.1

signature.asc
Description: PGP signature