Ubuntu Security Notice 1638-2 - USN-1638-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.
99bb7f4ae7c5cde08a7f0475af92bbd1b2a459027ddb9a137e6275eb69fa9002