Please Install the Updated Packages.

USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0769, CVE-2013-0749, CVE-2013-0770) Abhishek Arya discovered several user-after-free and buffer overflows in Firefox. An attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829) A stack buffer was discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0768) Masato Kinugawa discovered that Firefox did not always properly display URL values in the address bar. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. (CVE-2013-0759) Atte Kettunen discovered that Firefox did not properly handle HTML tables with a large number of columns and column groups. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0744) Jerry Baker discovered that Firefox did not always properly handle threading when performing downloads over SSL connections. An attacker could exploit this to cause a denial of service via application crash. (CVE-2013-0764) Olli Pettay and Boris Zbarsky discovered flaws in the Javacript engine of Firefox. An attacker could cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0745, CVE-2013-0746) Jesse Ruderman discovered a flaw in the way ... Description truncated, for more information please check the Reference URL

firefox on Ubuntu 12.10 , Ubuntu 12.04 LTS , Ubuntu 11.10 , Ubuntu 10.04 LTS

• https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-January/001972.html

---

Updated on 2015-03-25