Ubuntu Security Notice 896-1 – Several flaws were discovered in the browser engine of Firefox. Hidetake Jo discovered that the showModalDialog in Firefox did not always honor the same-origin policy. An attacker could exploit this to run untrusted JavaScript from other domains. Georgi Guninski discovered that the same-origin check in Firefox could be bypassed by utilizing a crafted SVG image. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Various other issues were also addressed.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86437/USN-896-1.txt
Source: https://packetstormsecurity.com/files/86437/Ubuntu-Security-Notice-896-1.html