Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5186-2
HistoryDec 20, 2021 - 12:00 a.m.

Firefox regressions

2021-12-2000:00:00
ubuntu.com
57

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.5%

JSON

Releases

  • Ubuntu 21.10
  • Ubuntu 21.04
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • firefox - Mozilla Open Source web browser

Details

USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several
minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, conduct spoofing attacks, bypass CSP restrictions, or
execute arbitrary code. (CVE-2021-43536, CVE-2021-43537, CVE-2021-43538,
CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543,
CVE-2021-43545, CVE-2021-43546)

A security issue was discovered with the handling of WebExtension
permissions. If a user were tricked into installing a specially crafted
extension, an attacker could potentially exploit this to create and
install a service worker that wouldn’t be uninstalled with the extension.
(CVE-2021-43540)

OSVersionArchitecturePackageVersionFilename
Ubuntu21.10noarchfirefox< 95.0.1+build2-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchfirefox-dbg< 95.0.1+build2-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchfirefox-dev< 95.0.1+build2-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchfirefox-geckodriver< 95.0.1+build2-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchfirefox-locale-af< 95.0.1+build2-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchfirefox-locale-an< 95.0.1+build2-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchfirefox-locale-ar< 95.0.1+build2-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchfirefox-locale-as< 95.0.1+build2-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchfirefox-locale-ast< 95.0.1+build2-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchfirefox-locale-az< 95.0.1+build2-0ubuntu0.21.10.1UNKNOWN
Rows per page:
1-10 of 3921

Related

openvas 26
osv 11
nessus 43
ubuntu 3
oraclelinux 4
archlinux 2
suse 4
altlinux 2
almalinux 2
redhat 10
centos 1
rocky 2
mozilla 3
mageia 2
kaspersky 3
debian 4
ubuntucve 10
prion 10
cnvd 7
cve 10
alpinelinux 10
veracode 10
debiancve 10
redhatcve 9
gentoo 1
openvas
openvas
Ubuntu: Security Advisory (USN-5186-2)
2021-12-21 00:00:00
Ubuntu: Security Advisory (USN-5186-1)
2021-12-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3993-1)
2021-12-11 00:00:00
osv
osv
firefox vulnerabilities
2021-12-09 18:55:33
firefox regressions
2021-12-20 22:35:44
Important: firefox security update
2021-12-08 09:42:58
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5186-1)
2021-12-10 00:00:00
Oracle Linux 7 : firefox (ELSA-2021-5014)
2021-12-09 00:00:00
AlmaLinux 8 : firefox (ALSA-2021:5013)
2022-02-09 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2021-12-09 00:00:00
Thunderbird vulnerabilities
2022-01-21 00:00:00
Thunderbird vulnerabilities
2022-01-21 00:00:00
oraclelinux
oraclelinux
firefox security update
2021-12-08 00:00:00
firefox security update
2021-12-09 00:00:00
thunderbird security update
2021-12-10 00:00:00
archlinux
archlinux
[ASA-202112-8] firefox: multiple issues
2021-12-11 00:00:00
[ASA-202112-9] thunderbird: multiple issues
2021-12-11 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2021-12-10 00:00:00
Security update for MozillaFirefox (important)
2021-12-12 00:00:00
Security update for MozillaThunderbird (important)
2021-12-29 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 91.4.0-alt1
2021-12-14 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 91.4.0-alt1
2021-12-21 00:00:00
almalinux
almalinux
Important: firefox security update
2021-12-08 09:42:58
Important: thunderbird security update
2021-12-09 12:14:59
redhat
redhat
(RHSA-2021:5013) Important: firefox security update
2021-12-08 09:42:58
(RHSA-2021:5014) Important: firefox security update
2021-12-08 09:42:59
(RHSA-2021:5017) Important: firefox security update
2021-12-08 09:44:27
centos
centos
firefox security update
2021-12-14 00:04:22
rocky
rocky
firefox security update
2021-12-08 09:42:58
thunderbird security update
2021-12-09 12:14:59
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 91.4.0 — Mozilla
2021-12-07 00:00:00
Security Vulnerabilities fixed in Thunderbird 91.4.0 — Mozilla
2021-12-07 00:00:00
Security Vulnerabilities fixed in Firefox 95 — Mozilla
2021-12-07 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerability
2021-12-11 01:19:07
Updated thunderbird packages fix security vulnerability
2021-12-11 01:19:07
kaspersky
kaspersky
KLA12375 Multiple vulnerabilities in Mozilla Firefox ESR
2021-12-07 00:00:00
KLA12374 Multiple vulnerabilities in Mozilla Firefox
2021-12-07 00:00:00
KLA12376 Multiple vulnerabilities in Mozilla Thunderbird
2021-12-07 00:00:00
debian
debian
[SECURITY] [DLA 2863-1] firefox-esr security update
2021-12-29 14:08:44
[SECURITY] [DSA 5026-1] firefox-esr security update
2021-12-19 15:23:09
[SECURITY] [DLA 2874-1] thunderbird security update
2022-01-04 10:10:10
ubuntucve
ubuntucve
CVE-2021-43540
2021-12-08 00:00:00
CVE-2021-43538
2021-12-08 00:00:00
CVE-2021-43536
2021-12-08 00:00:00
prion
prion
Code injection
2021-12-08 22:15:00
Design/Logic Flaw
2021-12-08 22:15:00
Design/Logic Flaw
2021-12-08 22:15:00
cnvd
cnvd
Mozilla Firefox ESR input validation error vulnerability
2021-12-10 00:00:00
Mozilla Firefox ESR code issue vulnerability (CNVD-2021-99620)
2021-12-12 00:00:00
Mozilla Firefox conditional competition issue vulnerability
2021-12-12 00:00:00
cve
cve
CVE-2021-43540
2021-12-08 22:15:00
CVE-2021-43546
2021-12-08 22:15:00
CVE-2021-43537
2021-12-08 22:15:00
alpinelinux
alpinelinux
CVE-2021-43540
2021-12-08 22:15:00
CVE-2021-43542
2021-12-08 22:15:00
CVE-2021-43546
2021-12-08 22:15:00
veracode
veracode
Denial Of Service (DoS)
2021-12-12 06:15:00
Remote Code Execution (RCE)
2021-12-10 07:38:42
Denial Of Service (DoS)
2021-12-10 07:39:17
debiancve
debiancve
CVE-2021-43540
2021-12-08 22:15:00
CVE-2021-43537
2021-12-08 22:15:00
CVE-2021-43542
2021-12-08 22:15:00
redhatcve
redhatcve
CVE-2021-43542
2021-12-08 02:49:49
CVE-2021-43546
2021-12-08 02:49:55
CVE-2021-43538
2021-12-08 02:49:43
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2022-02-21 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.5%

JSON
Related for USN-5186-2
openvas26osv11nessus43ubuntu3oraclelinux4archlinux2suse4altlinux2almalinux2redhat10centos1rocky2mozilla3mageia2kaspersky3debian4ubuntucve10prion10cnvd7cve10alpinelinux10veracode10debiancve10redhatcve9gentoo1