Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201504-01 ] Mozilla Products
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2189

PostPosted: Wed Jun 17, 2015 7:26 pm    Post subject: [ GLSA 201504-01 ] Mozilla Products Reply with quote

Gentoo Linux Security Advisory

Title: Mozilla Products: Multiple vulnerabilities (GLSA 201504-01)
Severity: normal
Exploitable: remote
Date: April 07, 2015
Updated: April 08, 2015
Bug(s): #489796, #491234, #493850, #500320, #505072, #509050, #512896, #517876, #522020, #523652, #525474, #531408, #536564, #541316, #544056
ID: 201504-01

Synopsis

Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, the worst of which may allow user-assisted
execution of arbitrary code.


Background

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an
open-source email client, both from the Mozilla Project. The SeaMonkey
project is a community effort to deliver production-quality releases of
code derived from the application formerly known as the ‘Mozilla
Application Suite’.


Affected Packages

Package: www-client/firefox
Vulnerable: < 31.5.3
Unaffected: >= 31.5.3
Architectures: All supported architectures

Package: www-client/firefox-bin
Vulnerable: < 31.5.3
Unaffected: >= 31.5.3
Architectures: All supported architectures

Package: mail-client/thunderbird
Vulnerable: < 31.5.0
Unaffected: >= 31.5.0
Architectures: All supported architectures

Package: mail-client/thunderbird-bin
Vulnerable: < 31.5.0
Unaffected: >= 31.5.0
Architectures: All supported architectures

Package: www-client/seamonkey
Vulnerable: < 2.33.1
Unaffected: >= 2.33.1
Architectures: All supported architectures

Package: www-client/seamonkey-bin
Vulnerable: < 2.33.1
Unaffected: >= 2.33.1
Architectures: All supported architectures

Package: dev-libs/nspr
Vulnerable: < 4.10.6
Unaffected: >= 4.10.6
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Firefox, Thunderbird,
and SeaMonkey. Please review the CVE identifiers referenced below for
details.


Impact

A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
the address bar, conduct clickjacking attacks, bypass security
restrictions and protection mechanisms, or have other unspecified
impact.


Workaround

There are no known workarounds at this time.

Resolution

All firefox users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-31.5.3"
   
All firefox-bin users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-31.5.3"
   
All thunderbird users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-31.5.0"
   
All thunderbird-bin users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=mail-client/thunderbird-bin-31.5.0"
   
All seamonkey users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.33.1"
   
All seamonkey-bin users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.33.1"
   
All nspr users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-libs/nspr-4.10.6"
   


References

CVE-2013-1741
CVE-2013-2566
CVE-2013-5590
CVE-2013-5591
CVE-2013-5592
CVE-2013-5593
CVE-2013-5595
CVE-2013-5596
CVE-2013-5597
CVE-2013-5598
CVE-2013-5599
CVE-2013-5600
CVE-2013-5601
CVE-2013-5602
CVE-2013-5603
CVE-2013-5604
CVE-2013-5605
CVE-2013-5606
CVE-2013-5607
CVE-2013-5609
CVE-2013-5610
CVE-2013-5612
CVE-2013-5613
CVE-2013-5614
CVE-2013-5615
CVE-2013-5616
CVE-2013-5618
CVE-2013-5619
CVE-2013-6671
CVE-2013-6672
CVE-2013-6673
CVE-2014-1477
CVE-2014-1478
CVE-2014-1479
CVE-2014-1480
CVE-2014-1481
CVE-2014-1482
CVE-2014-1483
CVE-2014-1485
CVE-2014-1486
CVE-2014-1487
CVE-2014-1488
CVE-2014-1489
CVE-2014-1490
CVE-2014-1491
CVE-2014-1492
CVE-2014-1493
CVE-2014-1494
CVE-2014-1496
CVE-2014-1497
CVE-2014-1498
CVE-2014-1499
CVE-2014-1500
CVE-2014-1502
CVE-2014-1504
CVE-2014-1505
CVE-2014-1508
CVE-2014-1509
CVE-2014-1510
CVE-2014-1511
CVE-2014-1512
CVE-2014-1513
CVE-2014-1514
CVE-2014-1518
CVE-2014-1519
CVE-2014-1520
CVE-2014-1522
CVE-2014-1523
CVE-2014-1524
CVE-2014-1525
CVE-2014-1526
CVE-2014-1529
CVE-2014-1530
CVE-2014-1531
CVE-2014-1532
CVE-2014-1533
CVE-2014-1534
CVE-2014-1536
CVE-2014-1537
CVE-2014-1538
CVE-2014-1539
CVE-2014-1540
CVE-2014-1541
CVE-2014-1542
CVE-2014-1543
CVE-2014-1544
CVE-2014-1545
CVE-2014-1547
CVE-2014-1548
CVE-2014-1549
CVE-2014-1550
CVE-2014-1551
CVE-2014-1552
CVE-2014-1553
CVE-2014-1554
CVE-2014-1555
CVE-2014-1556
CVE-2014-1557
CVE-2014-1558
CVE-2014-1559
CVE-2014-1560
CVE-2014-1561
CVE-2014-1562
CVE-2014-1563
CVE-2014-1564
CVE-2014-1565
CVE-2014-1566
CVE-2014-1567
CVE-2014-1568
CVE-2014-1574
CVE-2014-1575
CVE-2014-1576
CVE-2014-1577
CVE-2014-1578
CVE-2014-1580
CVE-2014-1581
CVE-2014-1582
CVE-2014-1583
CVE-2014-1584
CVE-2014-1585
CVE-2014-1586
CVE-2014-1587
CVE-2014-1588
CVE-2014-1589
CVE-2014-1590
CVE-2014-1591
CVE-2014-1592
CVE-2014-1593
CVE-2014-1594
CVE-2014-5369
CVE-2014-8631
CVE-2014-8632
CVE-2014-8634
CVE-2014-8635
CVE-2014-8636
CVE-2014-8637
CVE-2014-8638
CVE-2014-8639
CVE-2014-8640
CVE-2014-8641
CVE-2014-8642
CVE-2015-0817
CVE-2015-0818
CVE-2015-0819
CVE-2015-0820
CVE-2015-0821
CVE-2015-0822
CVE-2015-0823
CVE-2015-0824
CVE-2015-0825
CVE-2015-0826
CVE-2015-0827
CVE-2015-0828
CVE-2015-0829
CVE-2015-0830
CVE-2015-0831
CVE-2015-0832
CVE-2015-0833
CVE-2015-0834
CVE-2015-0835
CVE-2015-0836
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum