GLSA 201504-01: Mozilla Products: Multiple vulnerabilities
Severity: | normal |
Title: | Mozilla Products: Multiple vulnerabilities |
Date: | 04/07/2015 |
Bugs: |
|
ID: | 201504-01 |
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code.Background
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla Application Suite’.
Affected packages
Package | Vulnerable | Unaffected | Architecture(s) |
---|---|---|---|
www-client/firefox | < 31.5.3 | >= 31.5.3 | All supported architectures |
www-client/firefox-bin | < 31.5.3 | >= 31.5.3 | All supported architectures |
mail-client/thunderbird | < 31.5.0 | >= 31.5.0 | All supported architectures |
mail-client/thunderbird-bin | < 31.5.0 | >= 31.5.0 | All supported architectures |
www-client/seamonkey | < 2.33.1 | >= 2.33.1 | All supported architectures |
www-client/seamonkey-bin | < 2.33.1 | >= 2.33.1 | All supported architectures |
dev-libs/nspr | < 4.10.6 | >= 4.10.6 | All supported architectures |
Description
Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact.
Workaround
There are no known workarounds at this time.
Resolution
All firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-31.5.3"
All firefox-bin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-31.5.3"
All thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-31.5.0"
All thunderbird-bin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=mail-client/thunderbird-bin-31.5.0"
All seamonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.33.1"
All seamonkey-bin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.33.1"
All nspr users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nspr-4.10.6"
References
CVE-2013-1741 CVE-2013-2566 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 CVE-2013-5609 CVE-2013-5610 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 CVE-2014-1492 CVE-2014-1493 CVE-2014-1494 CVE-2014-1496 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1519 CVE-2014-1520 CVE-2014-1522 CVE-2014-1523 CVE-2014-1524 CVE-2014-1525 CVE-2014-1526 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1539 CVE-2014-1540 CVE-2014-1541 CVE-2014-1542 CVE-2014-1543 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1549 CVE-2014-1550 CVE-2014-1551 CVE-2014-1552 CVE-2014-1553 CVE-2014-1554 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 CVE-2014-1561 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1566 CVE-2014-1567 CVE-2014-1568 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1580 CVE-2014-1581 CVE-2014-1582 CVE-2014-1583 CVE-2014-1584 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-5369 CVE-2014-8631 CVE-2014-8632 CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 CVE-2015-0817 CVE-2015-0818 CVE-2015-0819 CVE-2015-0820 CVE-2015-0821 CVE-2015-0822 CVE-2015-0823 CVE-2015-0824 CVE-2015-0825 CVE-2015-0826 CVE-2015-0827 CVE-2015-0828 CVE-2015-0829 CVE-2015-0830 CVE-2015-0831 CVE-2015-0832 CVE-2015-0833 CVE-2015-0834 CVE-2015-0835 CVE-2015-0836
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.