Lucene search

K
ubuntuUbuntuUSN-3761-3
HistorySep 17, 2018 - 12:00 a.m.

Firefox regressions

2018-09-1700:00:00
ubuntu.com
34

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.0%

Releases

  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • firefox - Mozilla Open Source web browser

Details

USN-3761-1 fixed vulnerabilities in Firefox. The update caused several
regressions affecting spellchecker dictionaries and search engines, which
were partially fixed by USN-3761-2. This update contains the remaining fix.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, or execute
arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377,
CVE-2018-12378)

It was discovered that if a user saved passwords before Firefox 58 and
then later set a primary password, an unencrypted copy of these passwords
would still be accessible. A local user could exploit this to obtain
sensitive information. (CVE-2018-12383)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchfirefox< 62.0+build2-0ubuntu0.18.04.5UNKNOWN
Ubuntu18.04noarchfirefox-dbg< 62.0+build2-0ubuntu0.18.04.5UNKNOWN
Ubuntu18.04noarchfirefox-dev< 62.0+build2-0ubuntu0.18.04.5UNKNOWN
Ubuntu18.04noarchfirefox-globalmenu< 62.0+build2-0ubuntu0.18.04.5UNKNOWN
Ubuntu18.04noarchfirefox-locale-af< 62.0+build2-0ubuntu0.18.04.5UNKNOWN
Ubuntu18.04noarchfirefox-locale-an< 62.0+build2-0ubuntu0.18.04.5UNKNOWN
Ubuntu18.04noarchfirefox-locale-ar< 62.0+build2-0ubuntu0.18.04.5UNKNOWN
Ubuntu18.04noarchfirefox-locale-as< 62.0+build2-0ubuntu0.18.04.5UNKNOWN
Ubuntu18.04noarchfirefox-locale-ast< 62.0+build2-0ubuntu0.18.04.5UNKNOWN
Ubuntu18.04noarchfirefox-locale-az< 62.0+build2-0ubuntu0.18.04.5UNKNOWN
Rows per page:
1-10 of 2961

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.0%