Ubuntu update for firefox
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29537 CVE-2023-29538 CVE-2023-29539 CVE-2023-29540 CVE-2023-29541 CVE-2023-29543 CVE-2023-29544 CVE-2023-29547 CVE-2023-29548 CVE-2023-29549 CVE-2023-29550 CVE-2023-29551 |
| CWE-ID | CWE-451 CWE-119 CWE-763 CWE-362 CWE-538 CWE-254 CWE-416 CWE-1037 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system firefox (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Spoofing attack
EUVDB-ID: #VU74822
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-29533
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can hide the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:firefox_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU74825
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-29535
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error during Garbage Collector compaction. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Release of invalid pointer or reference
EUVDB-ID: #VU74826
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-29536
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to an invalid free operation from JavaScript code. A remote attacker can trick the victim to visit a specially crafted web page, trigger memory corruption and execute arbitrary code.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Race condition
EUVDB-ID: #VU74827
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-29537
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to multiple race conditions in font initialization code. A remote attacker can trick the victim into visiting a malicious website, trigger a race condition and execute arbitrary code
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) File and directory information exposure
EUVDB-ID: #VU74828
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-29538
CWE-ID:
CWE-538 - File And Directory Information Exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the way WebExtension handles the "jar:file:///" URI during the request load. A remote attacker can obtain directory paths on the user's machine.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Security features bypass
EUVDB-ID: #VU74829
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-29539
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper handling of filename directive in the Content-Disposition header, which leads to filename truncation if it contains a NULL character. A remote attacker can abuse such behavior and trick the victim into downloading a malicious file.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Security features bypass
EUVDB-ID: #VU74830
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-29540
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect processing of iframes. A remote attacker can use a redirect embedded into sourceMappingUrls to allow navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Security features bypass
EUVDB-ID: #VU74831
Risk: Medium
CVSSv4.0: 4.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-29541
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper handling of filenames ending with .desktop. A remote attacker can trick the victim into downloading a malicious file and execute it on the system.The vulnerability affects Firefox on Linux only.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU74833
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-29543
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in debugging APIs. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU74834
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-29544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Spoofing attack
EUVDB-ID: #VU74837
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-29547
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insecure handling of cookies in Firefox cookie jar. When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Processor optimization removal or modification of security-critical code
EUVDB-ID: #VU74838
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-29548
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to usage of a wrong lowering instruction in the ARM64 Ion compiler. A remote attacker can gain access to sensitive information.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Security features bypass
EUVDB-ID: #VU74839
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-29549
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an error in JavaScript bind functionality. Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES.
Update the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Buffer overflow
EUVDB-ID: #VU74840
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-29550
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU74841
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-29551
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package firefox to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
firefox (Ubuntu package): before 112.0.2+build1-0ubuntu0.18.04.1
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-6010-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
