QID 198311
Date Published: 2021-04-06
QID 198311: Ubuntu Security Notification for Firefox Vulnerabilities (USN-4893-1)
Multiple security issues were discovered in Firefox.
It was discovered that extensions could open popup windows with control of the window title in some circumstances.
It was discovered that the DevTools remote debugging feature could be enabled without an indication to the user.
It was discovered that extensions could read the response of cross origin requests in some circumstances.
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2021-23981, CVE-2021-23982, CVE-2021-23983, CVE-2021-23987, CVE-2021-23988)
If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spook a website and trick the user into providing credentials. (CVE-2021-23984)
If a local attacker could modify the browser configuration, a remote attacker could potentially exploit this to obtain sensitive information. (CVE-2021-23985)
If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information. (CVE-2021-23986)
- USN-4893-1 -
usn.ubuntu.com/4893-1/
CVEs related to QID 198311
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| USN-4893-1 | 16.04 (Xenial) on src | firefox |
launchpad.net/ubuntu/+source/firefox/87.0+build3-0ubuntu0.16.04.2 |
| USN-4893-1 | 18.04 (bionic) on src | firefox |
launchpad.net/ubuntu/+source/firefox/87.0+build3-0ubuntu0.18.04.2 |
| USN-4893-1 | 20.04 (focal) on src | firefox |
launchpad.net/ubuntu/+source/firefox/87.0+build3-0ubuntu0.20.04.2 |
| USN-4893-1 | 20.10 (groovy) on src | firefox |
launchpad.net/ubuntu/+source/firefox/87.0+build3-0ubuntu0.20.10.1 |