USN-1608-1: Firefox vulnerabilities

Ubuntu Security Notice USN-1608-1

11th October, 2012

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04 LTS


Several security issues were fixed in Firefox.

Software description

  • firefox - Mozilla Open Source web browser


It was discovered that the browser engine used in Firefox contained a
memory corruption flaw. If a user were tricked into opening a specially
crafted web page, a remote attacker could cause Firefox to crash or
potentially execute arbitrary code as the user invoking the program.

It was discovered that Firefox allowed improper access to the Location
object. An attacker could exploit this to obtain sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
firefox 16.0.1+build1-0ubuntu0.12.04.1
Ubuntu 11.10:
firefox 16.0.1+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
firefox 16.0.1+build1-0ubuntu0.11.04.1
Ubuntu 10.04 LTS:
firefox 16.0.1+build1-0ubuntu0.10.04.1

To update your system, please follow these instructions:

After a standard system update you need to restart Firefox to make
all the necessary changes.


CVE-2012-4191, CVE-2012-4192, LP: 1065285