SB2021060236 - Ubuntu update for firefox
Published: June 2, 2021
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2021-29959)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way the user is prompted to grant a website access to the microphone and camera. When a user has already allowed a website to access the microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera.
2) Information disclosure (CVE-ID: CVE-2021-29960)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the way Firefox caches the last filename used for printing a file. Firefox usually suggests the web page title. The caching and suggestion techniques combined may have led to the title of a website visited during private browsing mode being stored on disk.
3) Spoofing attack (CVE-ID: CVE-2021-29961)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect rendering of an oversized <select> element. A remote attacker can spoof page content.
4) Buffer overflow (CVE-ID: CVE-2021-29966)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Buffer overflow (CVE-ID: CVE-2021-29967)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.