USN-3260-2

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-3260-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3260-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-3260-2

Published

2017-05-11T19:27:36Z

Modified

2026-02-10T04:41:06Z

Summary

firefox regression

Details

USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469)

A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462)

References

Affected packages

Ubuntu:14.04:LTS / firefox

Package

Name: firefox
Purl: pkg:deb/ubuntu/firefox@53.0.2+build1-0ubuntu0.14.04.2?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

53.0.2+build1-0ubuntu0.14.04.2

Affected versions

24.*

24.0+build1-0ubuntu1

25.*

25.0+build3-0ubuntu0.13.10.1

28.*

28.0~b2+build1-0ubuntu2

28.0+build1-0ubuntu1

28.0+build2-0ubuntu1

28.0+build2-0ubuntu2

29.*

29.0+build1-0ubuntu0.14.04.2

30.*

30.0+build1-0ubuntu0.14.04.3

31.*

31.0+build1-0ubuntu0.14.04.1

32.*

32.0+build1-0ubuntu0.14.04.1

32.0.3+build1-0ubuntu0.14.04.1

33.*

33.0+build2-0ubuntu0.14.04.1

34.*

34.0+build2-0ubuntu0.14.04.1

35.*

35.0+build3-0ubuntu0.14.04.2

35.0.1+build1-0ubuntu0.14.04.1

36.*

36.0+build2-0ubuntu0.14.04.4

36.0.1+build2-0ubuntu0.14.04.1

36.0.4+build1-0ubuntu0.14.04.1

37.*

37.0+build2-0ubuntu0.14.04.1

37.0.1+build1-0ubuntu0.14.04.1

37.0.2+build1-0ubuntu0.14.04.1

38.*

38.0+build3-0ubuntu0.14.04.1

39.*

39.0+build5-0ubuntu0.14.04.1

39.0.3+build2-0ubuntu0.14.04.1

40.*

40.0+build4-0ubuntu0.14.04.1

40.0+build4-0ubuntu0.14.04.4

40.0.3+build1-0ubuntu0.14.04.1

41.*

41.0+build3-0ubuntu0.14.04.1

41.0.1+build2-0ubuntu0.14.04.1

41.0.2+build2-0ubuntu0.14.04.1

42.*

42.0+build2-0ubuntu0.14.04.1

43.*

43.0+build1-0ubuntu0.14.04.1

43.0.4+build3-0ubuntu0.14.04.1

44.*

44.0+build3-0ubuntu0.14.04.1

44.0.1+build2-0ubuntu0.14.04.1

44.0.2+build1-0ubuntu0.14.04.1

45.*

45.0+build2-0ubuntu0.14.04.1

45.0.1+build1-0ubuntu0.14.04.2

45.0.2+build1-0ubuntu0.14.04.1

46.*

46.0+build5-0ubuntu0.14.04.2

46.0.1+build1-0ubuntu0.14.04.3

47.*

47.0+build3-0ubuntu0.14.04.1

48.*

48.0+build2-0ubuntu0.14.04.1

49.*

49.0+build4-0ubuntu0.14.04.1

49.0.2+build2-0ubuntu0.14.04.1

50.*

50.0+build2-0ubuntu0.14.04.2

50.0.2+build1-0ubuntu0.14.04.1

50.1.0+build2-0ubuntu0.14.04.1

51.*

51.0.1+build2-0ubuntu0.14.04.1

51.0.1+build2-0ubuntu0.14.04.2

52.*

52.0+build2-0ubuntu0.14.04.1

52.0.1+build2-0ubuntu0.14.04.1

52.0.2+build1-0ubuntu0.14.04.1

53.*

53.0+build6-0ubuntu0.14.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "53.0.2+build1-0ubuntu0.14.04.2",
            "binary_name": "firefox"
        },
        {
            "binary_version": "53.0.2+build1-0ubuntu0.14.04.2",
            "binary_name": "firefox-dev"
        },
        {
            "binary_version": "53.0.2+build1-0ubuntu0.14.04.2",
            "binary_name": "firefox-globalmenu"
        },
        {
            "binary_version": "53.0.2+build1-0ubuntu0.14.04.2",
            "binary_name": "firefox-mozsymbols"
        },
        {
            "binary_version": "53.0.2+build1-0ubuntu0.14.04.2",
            "binary_name": "firefox-testsuite"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "cves": [],
    "ecosystem": "Ubuntu:14.04:LTS"
}

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3260-2.json"

Ubuntu:16.04:LTS / firefox

Package

Name: firefox
Purl: pkg:deb/ubuntu/firefox@53.0.2+build1-0ubuntu0.16.04.2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

53.0.2+build1-0ubuntu0.16.04.2

Affected versions

41.*

41.0.2+build2-0ubuntu1

42.*

42.0+build2-0ubuntu1

44.*

44.0+build3-0ubuntu2

44.0.1+build1-0ubuntu1

44.0.2+build1-0ubuntu1

45.*

45.0+build2-0ubuntu1

45.0.1+build1-0ubuntu1

45.0.2+build1-0ubuntu1

46.*

46.0+build5-0ubuntu0.16.04.2

46.0.1+build1-0ubuntu0.16.04.2

47.*

47.0+build3-0ubuntu0.16.04.1

48.*

48.0+build2-0ubuntu0.16.04.1

49.*

49.0+build4-0ubuntu0.16.04.1

49.0.2+build2-0ubuntu0.16.04.2

50.*

50.0+build2-0ubuntu0.16.04.2

50.0.2+build1-0ubuntu0.16.04.1

50.1.0+build2-0ubuntu0.16.04.1

51.*

51.0.1+build2-0ubuntu0.16.04.1

51.0.1+build2-0ubuntu0.16.04.2

52.*

52.0+build2-0ubuntu0.16.04.1

52.0.1+build2-0ubuntu0.16.04.1

52.0.2+build1-0ubuntu0.16.04.1

53.*

53.0+build6-0ubuntu0.16.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "53.0.2+build1-0ubuntu0.16.04.2",
            "binary_name": "firefox"
        },
        {
            "binary_version": "53.0.2+build1-0ubuntu0.16.04.2",
            "binary_name": "firefox-dev"
        },
        {
            "binary_version": "53.0.2+build1-0ubuntu0.16.04.2",
            "binary_name": "firefox-globalmenu"
        },
        {
            "binary_version": "53.0.2+build1-0ubuntu0.16.04.2",
            "binary_name": "firefox-mozsymbols"
        },
        {
            "binary_version": "53.0.2+build1-0ubuntu0.16.04.2",
            "binary_name": "firefox-testsuite"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "cves": [],
    "ecosystem": "Ubuntu:16.04:LTS"
}

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3260-2.json"