Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201605-06 ] Mozilla Products
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2226

PostPosted: Tue May 31, 2016 6:26 am    Post subject: [ GLSA 201605-06 ] Mozilla Products Reply with quote

Gentoo Linux Security Advisory

Title: Mozilla Products: Multiple vulnerabilities (GLSA 201605-06)
Severity: normal
Exploitable: remote
Date: May 31, 2016
Bug(s): #549356, #557590, #559186, #561246, #563230, #564834, #573074, #574596, #576862
ID: 201605-06

Synopsis

Multiple vulnerabilities have been found in Firefox, Thunderbird,
Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
the worst of which may allow remote execution of arbitrary code.


Background

Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an
open-source email client, and the Network Security Service (NSS) is a
library implementing security features like SSL v.2/v.3, TLS, PKCS #5,
PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as
‘Mozilla Application Suite’.


Affected Packages

Package: dev-libs/nspr
Vulnerable: < 4.12
Unaffected: >= 4.12
Architectures: All supported architectures

Package: dev-libs/nss
Vulnerable: < 3.22.2
Unaffected: >= 3.22.2
Architectures: All supported architectures

Package: mail-client/thunderbird
Vulnerable: < 38.7.0
Unaffected: >= 38.7.0
Architectures: All supported architectures

Package: mail-client/thunderbird-bin
Vulnerable: < 38.7.0
Unaffected: >= 38.7.0
Architectures: All supported architectures

Package: www-client/firefox
Vulnerable: < 38.7.0
Unaffected: >= 38.7.0
Architectures: All supported architectures

Package: www-client/firefox-bin
Vulnerable: < 38.7.0
Unaffected: >= 38.7.0
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and
Thunderbird. Please review the CVE identifiers referenced below for
details.


Impact

A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
the address bar, conduct clickjacking attacks, bypass security
restrictions and protection mechanisms, or have other unspecified
impacts.


Workaround

There is no known workaround at this time.

Resolution

All NSS users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.22.2"
   
All Thunderbird users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.7.0"
   
All users of the Thunderbird binary package should upgrade to the latest
version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=mail-client/thunderbird-bin-38.7.0"
   
All Firefox 38.7.x users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-38.7.0"
   
All users of the Firefox 38.7.x binary package should upgrade to the
latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.7.0"
   


References

CVE-2015-2708
CVE-2015-2708
CVE-2015-2709
CVE-2015-2709
CVE-2015-2710
CVE-2015-2710
CVE-2015-2711
CVE-2015-2711
CVE-2015-2712
CVE-2015-2712
CVE-2015-2713
CVE-2015-2713
CVE-2015-2714
CVE-2015-2714
CVE-2015-2715
CVE-2015-2715
CVE-2015-2716
CVE-2015-2716
CVE-2015-2717
CVE-2015-2717
CVE-2015-2718
CVE-2015-2718
CVE-2015-4473
CVE-2015-4473
CVE-2015-4474
CVE-2015-4474
CVE-2015-4475
CVE-2015-4475
CVE-2015-4477
CVE-2015-4477
CVE-2015-4478
CVE-2015-4478
CVE-2015-4479
CVE-2015-4479
CVE-2015-4480
CVE-2015-4480
CVE-2015-4481
CVE-2015-4481
CVE-2015-4482
CVE-2015-4482
CVE-2015-4483
CVE-2015-4483
CVE-2015-4484
CVE-2015-4484
CVE-2015-4485
CVE-2015-4485
CVE-2015-4486
CVE-2015-4486
CVE-2015-4487
CVE-2015-4487
CVE-2015-4488
CVE-2015-4488
CVE-2015-4489
CVE-2015-4489
CVE-2015-4490
CVE-2015-4490
CVE-2015-4491
CVE-2015-4491
CVE-2015-4492
CVE-2015-4492
CVE-2015-4493
CVE-2015-4493
CVE-2015-7181
CVE-2015-7182
CVE-2015-7183
CVE-2016-1523
CVE-2016-1523
CVE-2016-1930
CVE-2016-1930
CVE-2016-1931
CVE-2016-1931
CVE-2016-1933
CVE-2016-1933
CVE-2016-1935
CVE-2016-1935
CVE-2016-1937
CVE-2016-1937
CVE-2016-1938
CVE-2016-1938
CVE-2016-1939
CVE-2016-1939
CVE-2016-1940
CVE-2016-1940
CVE-2016-1941
CVE-2016-1941
CVE-2016-1942
CVE-2016-1942
CVE-2016-1943
CVE-2016-1943
CVE-2016-1944
CVE-2016-1944
CVE-2016-1945
CVE-2016-1945
CVE-2016-1946
CVE-2016-1946
CVE-2016-1947
CVE-2016-1947
CVE-2016-1948
CVE-2016-1948
CVE-2016-1949
CVE-2016-1949
CVE-2016-1950
CVE-2016-1950
CVE-2016-1952
CVE-2016-1952
CVE-2016-1953
CVE-2016-1953
CVE-2016-1954
CVE-2016-1954
CVE-2016-1955
CVE-2016-1955
CVE-2016-1956
CVE-2016-1956
CVE-2016-1957
CVE-2016-1957
CVE-2016-1958
CVE-2016-1958
CVE-2016-1959
CVE-2016-1959
CVE-2016-1960
CVE-2016-1960
CVE-2016-1961
CVE-2016-1961
CVE-2016-1962
CVE-2016-1962
CVE-2016-1963
CVE-2016-1963
CVE-2016-1964
CVE-2016-1964
CVE-2016-1965
CVE-2016-1965
CVE-2016-1966
CVE-2016-1966
CVE-2016-1967
CVE-2016-1967
CVE-2016-1968
CVE-2016-1968
CVE-2016-1969
CVE-2016-1969
CVE-2016-1970
CVE-2016-1970
CVE-2016-1971
CVE-2016-1971
CVE-2016-1972
CVE-2016-1972
CVE-2016-1973
CVE-2016-1973
CVE-2016-1974
CVE-2016-1974
CVE-2016-1975
CVE-2016-1975
CVE-2016-1976
CVE-2016-1976
CVE-2016-1977
CVE-2016-1977
CVE-2016-1978
CVE-2016-1978
CVE-2016-1979
CVE-2016-1979
CVE-2016-2790
CVE-2016-2790
CVE-2016-2791
CVE-2016-2791
CVE-2016-2792
CVE-2016-2792
CVE-2016-2793
CVE-2016-2793
CVE-2016-2794
CVE-2016-2794
CVE-2016-2795
CVE-2016-2795
CVE-2016-2796
CVE-2016-2796
CVE-2016-2797
CVE-2016-2797
CVE-2016-2798
CVE-2016-2798
CVE-2016-2799
CVE-2016-2799
CVE-2016-2800
CVE-2016-2800
CVE-2016-2801
CVE-2016-2801
CVE-2016-2802
CVE-2016-2802
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum