Lucene search

K
ubuntu
UbuntuUSN-4893-1
HistoryMar 25, 2021 - 12:00 a.m.

Firefox vulnerabilities

2021-03-2500:00:00
ubuntu.com
98

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.8%

Releases

  • Ubuntu 20.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • firefox - Mozilla Open Source web browser

Details

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2021-23981, CVE-2021-23982,
CVE-2021-23983, CVE-2021-23987, CVE-2021-23988)

It was discovered that extensions could open popup windows with control
of the window title in some circumstances. If a user were tricked into
installing a specially crafted extension, an attacker could potentially
exploit this to spook a website and trick the user into providing
credentials. (CVE-2021-23984)

It was discovered that the DevTools remote debugging feature could be
enabled without an indication to the user. If a local attacker could
modify the browser configuration, a remote attacker could potentially
exploit this to obtain sensitive information. (CVE-2021-23985)

It was discovered that extensions could read the response of cross
origin requests in some circumstances. If a user were tricked into
installing a specially crafted extension, an attacker could potentially
exploit this to obtain sensitive information. (CVE-2021-23986)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.10noarchfirefox< 87.0+build3-0ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchfirefox-dbg< 87.0+build3-0ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchfirefox-dev< 87.0+build3-0ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchfirefox-geckodriver< 87.0+build3-0ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchfirefox-locale-af< 87.0+build3-0ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchfirefox-locale-an< 87.0+build3-0ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchfirefox-locale-ar< 87.0+build3-0ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchfirefox-locale-as< 87.0+build3-0ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchfirefox-locale-ast< 87.0+build3-0ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchfirefox-locale-az< 87.0+build3-0ubuntu0.20.10.1UNKNOWN
Rows per page:
1-10 of 3941
How to protect your server from attacks?

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.8%

Related for USN-4893-1