USN-3477-2

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-3477-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3477-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-3477-2

Published

2017-11-27T22:18:33Z

Modified

2026-02-10T04:41:14Z

Summary

firefox regression

Details

USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842)

It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7839)

It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7840)

References

Affected packages

Ubuntu:14.04:LTS / firefox

Package

Name: firefox
Purl: pkg:deb/ubuntu/firefox@57.0+build4-0ubuntu0.14.04.5?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

57.0+build4-0ubuntu0.14.04.5

Affected versions

24.*

24.0+build1-0ubuntu1

25.*

25.0+build3-0ubuntu0.13.10.1

28.*

28.0~b2+build1-0ubuntu2

28.0+build1-0ubuntu1

28.0+build2-0ubuntu1

28.0+build2-0ubuntu2

29.*

29.0+build1-0ubuntu0.14.04.2

30.*

30.0+build1-0ubuntu0.14.04.3

31.*

31.0+build1-0ubuntu0.14.04.1

32.*

32.0+build1-0ubuntu0.14.04.1

32.0.3+build1-0ubuntu0.14.04.1

33.*

33.0+build2-0ubuntu0.14.04.1

34.*

34.0+build2-0ubuntu0.14.04.1

35.*

35.0+build3-0ubuntu0.14.04.2

35.0.1+build1-0ubuntu0.14.04.1

36.*

36.0+build2-0ubuntu0.14.04.4

36.0.1+build2-0ubuntu0.14.04.1

36.0.4+build1-0ubuntu0.14.04.1

37.*

37.0+build2-0ubuntu0.14.04.1

37.0.1+build1-0ubuntu0.14.04.1

37.0.2+build1-0ubuntu0.14.04.1

38.*

38.0+build3-0ubuntu0.14.04.1

39.*

39.0+build5-0ubuntu0.14.04.1

39.0.3+build2-0ubuntu0.14.04.1

40.*

40.0+build4-0ubuntu0.14.04.1

40.0+build4-0ubuntu0.14.04.4

40.0.3+build1-0ubuntu0.14.04.1

41.*

41.0+build3-0ubuntu0.14.04.1

41.0.1+build2-0ubuntu0.14.04.1

41.0.2+build2-0ubuntu0.14.04.1

42.*

42.0+build2-0ubuntu0.14.04.1

43.*

43.0+build1-0ubuntu0.14.04.1

43.0.4+build3-0ubuntu0.14.04.1

44.*

44.0+build3-0ubuntu0.14.04.1

44.0.1+build2-0ubuntu0.14.04.1

44.0.2+build1-0ubuntu0.14.04.1

45.*

45.0+build2-0ubuntu0.14.04.1

45.0.1+build1-0ubuntu0.14.04.2

45.0.2+build1-0ubuntu0.14.04.1

46.*

46.0+build5-0ubuntu0.14.04.2

46.0.1+build1-0ubuntu0.14.04.3

47.*

47.0+build3-0ubuntu0.14.04.1

48.*

48.0+build2-0ubuntu0.14.04.1

49.*

49.0+build4-0ubuntu0.14.04.1

49.0.2+build2-0ubuntu0.14.04.1

50.*

50.0+build2-0ubuntu0.14.04.2

50.0.2+build1-0ubuntu0.14.04.1

50.1.0+build2-0ubuntu0.14.04.1

51.*

51.0.1+build2-0ubuntu0.14.04.1

51.0.1+build2-0ubuntu0.14.04.2

52.*

52.0+build2-0ubuntu0.14.04.1

52.0.1+build2-0ubuntu0.14.04.1

52.0.2+build1-0ubuntu0.14.04.1

53.*

53.0+build6-0ubuntu0.14.04.1

53.0.2+build1-0ubuntu0.14.04.2

53.0.3+build1-0ubuntu0.14.04.2

54.*

54.0+build3-0ubuntu0.14.04.1

55.*

55.0.1+build2-0ubuntu0.14.04.2

55.0.2+build1-0ubuntu0.14.04.1

56.*

56.0+build6-0ubuntu0.14.04.1

56.0+build6-0ubuntu0.14.04.2

57.*

57.0+build4-0ubuntu0.14.04.4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "firefox",
            "binary_version": "57.0+build4-0ubuntu0.14.04.5"
        },
        {
            "binary_name": "firefox-dev",
            "binary_version": "57.0+build4-0ubuntu0.14.04.5"
        },
        {
            "binary_name": "firefox-globalmenu",
            "binary_version": "57.0+build4-0ubuntu0.14.04.5"
        },
        {
            "binary_name": "firefox-mozsymbols",
            "binary_version": "57.0+build4-0ubuntu0.14.04.5"
        },
        {
            "binary_name": "firefox-testsuite",
            "binary_version": "57.0+build4-0ubuntu0.14.04.5"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3477-2.json"

cves_map

{
    "ecosystem": "Ubuntu:14.04:LTS",
    "cves": []
}

Ubuntu:16.04:LTS / firefox

Package

Name: firefox
Purl: pkg:deb/ubuntu/firefox@57.0+build4-0ubuntu0.16.04.6?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

57.0+build4-0ubuntu0.16.04.6

Affected versions

41.*

41.0.2+build2-0ubuntu1

42.*

42.0+build2-0ubuntu1

44.*

44.0+build3-0ubuntu2

44.0.1+build1-0ubuntu1

44.0.2+build1-0ubuntu1

45.*

45.0+build2-0ubuntu1

45.0.1+build1-0ubuntu1

45.0.2+build1-0ubuntu1

46.*

46.0+build5-0ubuntu0.16.04.2

46.0.1+build1-0ubuntu0.16.04.2

47.*

47.0+build3-0ubuntu0.16.04.1

48.*

48.0+build2-0ubuntu0.16.04.1

49.*

49.0+build4-0ubuntu0.16.04.1

49.0.2+build2-0ubuntu0.16.04.2

50.*

50.0+build2-0ubuntu0.16.04.2

50.0.2+build1-0ubuntu0.16.04.1

50.1.0+build2-0ubuntu0.16.04.1

51.*

51.0.1+build2-0ubuntu0.16.04.1

51.0.1+build2-0ubuntu0.16.04.2

52.*

52.0+build2-0ubuntu0.16.04.1

52.0.1+build2-0ubuntu0.16.04.1

52.0.2+build1-0ubuntu0.16.04.1

53.*

53.0+build6-0ubuntu0.16.04.1

53.0.2+build1-0ubuntu0.16.04.2

53.0.3+build1-0ubuntu0.16.04.2

54.*

54.0+build3-0ubuntu0.16.04.1

55.*

55.0.1+build2-0ubuntu0.16.04.2

55.0.2+build1-0ubuntu0.16.04.1

56.*

56.0+build6-0ubuntu0.16.04.1

56.0+build6-0ubuntu0.16.04.2

57.*

57.0+build4-0ubuntu0.16.04.5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "firefox",
            "binary_version": "57.0+build4-0ubuntu0.16.04.6"
        },
        {
            "binary_name": "firefox-dev",
            "binary_version": "57.0+build4-0ubuntu0.16.04.6"
        },
        {
            "binary_name": "firefox-globalmenu",
            "binary_version": "57.0+build4-0ubuntu0.16.04.6"
        },
        {
            "binary_name": "firefox-mozsymbols",
            "binary_version": "57.0+build4-0ubuntu0.16.04.6"
        },
        {
            "binary_name": "firefox-testsuite",
            "binary_version": "57.0+build4-0ubuntu0.16.04.6"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3477-2.json"

cves_map

{
    "ecosystem": "Ubuntu:16.04:LTS",
    "cves": []
}