===========================================================================
ZMCIRT Vulnerability Bulletin
ZMC-2022.14.01.0800
Firefox: Multiple vulnerabilities
14th January 2022
===========================================================================
Product:           Firefox
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-22752 CVE-2022-22751 CVE-2022-22748
                   CVE-2022-22747 CVE-2022-22745 CVE-2022-22743
                   CVE-2022-22742 CVE-2022-22741 CVE-2022-22740
                   CVE-2022-22739 CVE-2022-22738 CVE-2022-22737
                   CVE-2021-4140
Reference:         ESB-2022.0173
                   ESB-2022.0172

Original Bulletin:
   https://ubuntu.com/security/notices/USN-5229-1
--------------------------BEGIN INCLUDED TEXT--------------------
USN-5229-1: Firefox vulnerabilities

13 January 2022

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Releases

  o Ubuntu 21.10
  o Ubuntu 21.04
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o firefox - Mozilla Open Source web browser

Details

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the browser
UI, bypass security restrictions, obtain sensitive information across
domains, or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 21.10

  o firefox - 96.0+build2-0ubuntu0.21.10.1

Ubuntu 21.04

  o firefox - 96.0+build2-0ubuntu0.21.04.1

Ubuntu 20.04

  o firefox - 96.0+build2-0ubuntu0.20.04.1

Ubuntu 18.04

  o firefox - 96.0+build2-0ubuntu0.18.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.
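
Added example (not part of the Ubuntu notice or of ZMCIRT's own tooling): a Python check that compares firefox versions collected from hosts against the fixed builds listed above, using Debian version ordering so that builds such as "96.0+build1" and "96.0.1+build1" land on the correct side of the fix. The host names and installed versions in SAMPLE are constructed for illustration.

```python
import re
from itertools import zip_longest
# Fixed firefox builds from "Update instructions" above, keyed by Ubuntu release.
FIXED = {r: f"96.0+build2-0ubuntu0.{r}.1"
         for r in ("21.10", "21.04", "20.04", "18.04")}

def _weight(ch):
    """dpkg character order: '~' < end of run < letters < other characters."""
    if ch in ("", "~"):
        return -1 if ch else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating text/number runs."""
    runs = lambda s: re.findall(r"([^0-9]*)([0-9]*)", s)
    for (ta, na), (tb, nb) in zip_longest(runs(a), runs(b), fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _weight(ca) != _weight(cb):
                return -1 if _weight(ca) < _weight(cb) else 1
        ia, ib = int(na or 0), int(nb or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def deb_compare(a, b):
    """Return -1, 0 or 1 following Debian version ordering (epoch:upstream-revision)."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(inventory):
    """Return hosts whose firefox is older than the fixed build for their release."""
    return [host for host, release, version in inventory
            if release in FIXED and deb_compare(version, FIXED[release]) < 0]

# Constructed sample inventory: (host, Ubuntu release, installed firefox version).
SAMPLE = [
    ("ws-01", "20.04", "95.0.1+build2-0ubuntu0.20.04.1"),
    ("ws-02", "21.10", "96.0+build2-0ubuntu0.21.10.1"),
    ("ws-03", "18.04", "96.0+build1-0ubuntu0.18.04.1"),
    ("ws-04", "21.04", "96.0.1+build1-0ubuntu0.21.04.1"),
]
```

Hosts on releases not listed in this bulletin are skipped rather than reported, so they need to be tracked separately.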

References

  o CVE-2022-22742
  o CVE-2022-22752
  o CVE-2022-22741
  o CVE-2022-22739
  o CVE-2022-22745
  o CVE-2022-22747
  o CVE-2022-22740
  o CVE-2022-22748
  o CVE-2022-22737
  o CVE-2022-22738
  o CVE-2021-4140
  o CVE-2022-22751
  o CVE-2022-22743

ZMCIRT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. ZMCIRT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Internet Email: report@cirt.zm
Telephone: 7070
ZMCIRT personnel answer during Zambian business hours
which are 8am to 5pm.
On call after hours for member emergencies only.
===========================================================================
Copyright @2023 ZAMBIA CIRT