===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2017.0600.2
                          Firefox vulnerabilities
                               31 March 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           firefox
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-5427 CVE-2017-5426 CVE-2017-5422
                   CVE-2017-5421 CVE-2017-5420 CVE-2017-5419
                   CVE-2017-5418 CVE-2017-5417 CVE-2017-5416
                   CVE-2017-5415 CVE-2017-5414 CVE-2017-5413
                   CVE-2017-5412 CVE-2017-5410 CVE-2017-5408
                   CVE-2017-5407 CVE-2017-5406 CVE-2017-5405
                   CVE-2017-5404 CVE-2017-5403 CVE-2017-5402
                   CVE-2017-5401 CVE-2017-5400 CVE-2017-5399
                   CVE-2017-5398 CVE-2016-5412 

Reference:         ESB-2016.2592

Original Bulletin: 
   http://www.ubuntu.com/usn/usn-3216-2

Revision History:  March 31 2017: USN-3216-1 introduced a regression in Firefox
                   March  8 2017: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

==========================================================================
Ubuntu Security Notice USN-3216-2
March 30, 2017

firefox regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

USN-3216-1 introduced a regression in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a
startup crash when Firefox is used with XRDP. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

 Multiple security issues were discovered in Firefox. If a user were
 tricked into opening a specially crafted website, an attacker could
 potentially exploit these to bypass same origin restrictions, obtain
 sensitive information, spoof the address bar, spoof the print dialog,
 cause a denial of service via application crash or hang, or execute
 arbitrary code. (CVE-2017-5398, CVE-2017-5399, CVE-2017-5400,
 CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405,
 CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412,
 CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417,
 CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422,
 CVE-2017-5426, CVE-2017-5427)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  firefox                         52.0.2+build1-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
  firefox                         52.0.2+build1-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  firefox                         52.0.2+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  firefox                         52.0.2+build1-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-3216-2
  http://www.ubuntu.com/usn/usn-3216-1
  https://launchpad.net/bugs/1671079

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/52.0.2+build1-0ubuntu0.16.10.1
  https://launchpad.net/ubuntu/+source/firefox/52.0.2+build1-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/firefox/52.0.2+build1-0ubuntu0.14.04.1
  https://launchpad.net/ubuntu/+source/firefox/52.0.2+build1-0ubuntu0.12.04.1

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================