Please Install the Updated Packages.

Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610) Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2013-5611) Masato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612) Daniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616) A use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618) Dan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619) Tyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671) Vincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure. (CVE-2013-6672) Sijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673) Tyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, ... Description truncated, for more information please check the Reference URL

firefox on Ubuntu 13.10 , Ubuntu 13.04 , Ubuntu 12.10 , Ubuntu 12.04 LTS

• https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-December/002341.html

---

Updated on 2015-03-25