Ubuntu Security Notice USN-2360-1
24th September, 2014
firefox vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.
Software description
- firefox
– Mozilla Open Source web browser
Details
Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled
parsing ASN.1 values. An attacker could use this issue to forge RSA
certificates.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
-
firefox
32.0.3+build1-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
-
firefox
32.0.3+build1-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Firefox to make
all the necessary changes.