
[gentoo-announce] [ GLSA 201504-01 ] Mozilla Products: Multiple vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 201504-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

https://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Severity: Normal

Title: Mozilla Products: Multiple vulnerabilities

Date: April 07, 2015

Bugs: #489796, #491234, #493850, #500320, #505072, #509050, #512896, #517876, #522020, #523652, #525474, #531408, #536564, #541316, #544056

ID: 201504-01

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Synopsis

========

 

Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, the worst of which may allow user-assisted
execution of arbitrary code.

 

Background

==========

 

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
‘Mozilla Application Suite’.

 

Affected packages

=================

 

-------------------------------------------------------------------
     Package                       /  Vulnerable  /      Unaffected
-------------------------------------------------------------------
  1  www-client/firefox               < 31.5.3          >= 31.5.3
  2  www-client/firefox-bin           < 31.5.3          >= 31.5.3
  3  mail-client/thunderbird          < 31.5.0          >= 31.5.0
  4  mail-client/thunderbird-bin      < 31.5.0          >= 31.5.0
  5  www-client/seamonkey             < 2.33.1          >= 2.33.1
  6  www-client/seamonkey-bin         < 2.33.1          >= 2.33.1
  7  dev-libs/nspr                    < 4.10.6          >= 4.10.6
-------------------------------------------------------------------
7 affected packages

 

Description

===========

 

Multiple vulnerabilities have been discovered in Firefox, Thunderbird,
and SeaMonkey. Please review the CVE identifiers referenced below for
details.

 

Impact

======

 

A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information,
spoof the address bar, conduct clickjacking attacks, bypass security
restrictions and protection mechanisms, or have other unspecified
impact.

 

Workaround

==========

 

There are no known workarounds at this time.

 

Resolution

==========

 

All firefox users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=www-client/firefox-31.5.3"

 

All firefox-bin users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-31.5.3"

 

All thunderbird users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-31.5.0"

 

All thunderbird-bin users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-31.5.0"

 

All seamonkey users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.33.1"

 

All seamonkey-bin users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot -v ">=www-client/seamonkey-bin-2.33.1"

 

All nspr users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=dev-libs/nspr-4.10.6"

 

References

==========

 

[ 1 ] CVE-2013-1741

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741

[ 2 ] CVE-2013-2566

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566

[ 3 ] CVE-2013-5590

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5590

[ 4 ] CVE-2013-5591

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5591

[ 5 ] CVE-2013-5592

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5592

[ 6 ] CVE-2013-5593

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5593

[ 7 ] CVE-2013-5595

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5595

[ 8 ] CVE-2013-5596

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5596

[ 9 ] CVE-2013-5597

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5597

[ 10 ] CVE-2013-5598

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5598

[ 11 ] CVE-2013-5599

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5599

[ 12 ] CVE-2013-5600

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5600

[ 13 ] CVE-2013-5601

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5601

[ 14 ] CVE-2013-5602

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5602

[ 15 ] CVE-2013-5603

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5603

[ 16 ] CVE-2013-5604

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5604

[ 17 ] CVE-2013-5605

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605

[ 18 ] CVE-2013-5606

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606

[ 19 ] CVE-2013-5607

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607

[ 20 ] CVE-2013-5609

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609

[ 21 ] CVE-2013-5610

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610

[ 22 ] CVE-2013-5612

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612

[ 23 ] CVE-2013-5613

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613

[ 24 ] CVE-2013-5614

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614

[ 25 ] CVE-2013-5615

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615

[ 26 ] CVE-2013-5616

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616

[ 27 ] CVE-2013-5618

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618

[ 28 ] CVE-2013-5619

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619

[ 29 ] CVE-2013-6671

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671

[ 30 ] CVE-2013-6672

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672

[ 31 ] CVE-2013-6673

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673

[ 32 ] CVE-2014-1477

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1477

[ 33 ] CVE-2014-1478

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1478

[ 34 ] CVE-2014-1479

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1479

[ 35 ] CVE-2014-1480

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1480

[ 36 ] CVE-2014-1481

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1481

[ 37 ] CVE-2014-1482

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1482

[ 38 ] CVE-2014-1483

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1483

[ 39 ] CVE-2014-1485

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1485

[ 40 ] CVE-2014-1486

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1486

[ 41 ] CVE-2014-1487

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1487

[ 42 ] CVE-2014-1488

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1488

[ 43 ] CVE-2014-1489

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1489

[ 44 ] CVE-2014-1490

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1490

[ 45 ] CVE-2014-1491

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1491

[ 46 ] CVE-2014-1492

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1492

[ 47 ] CVE-2014-1493

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493

[ 48 ] CVE-2014-1494

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494

[ 49 ] CVE-2014-1496

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496

[ 50 ] CVE-2014-1497

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497

[ 51 ] CVE-2014-1498

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498

[ 52 ] CVE-2014-1499

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499

[ 53 ] CVE-2014-1500

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500

[ 54 ] CVE-2014-1502

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502

[ 55 ] CVE-2014-1505

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505

[ 56 ] CVE-2014-1508

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508

[ 57 ] CVE-2014-1509

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509

[ 58 ] CVE-2014-1510

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510

[ 59 ] CVE-2014-1511

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511

[ 60 ] CVE-2014-1512

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512

[ 61 ] CVE-2014-1513

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513

[ 62 ] CVE-2014-1514

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514

[ 63 ] CVE-2014-1518

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1518

[ 64 ] CVE-2014-1519

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1519

[ 65 ] CVE-2014-1520

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1520

[ 66 ] CVE-2014-1522

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1522

[ 67 ] CVE-2014-1523

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1523

[ 68 ] CVE-2014-1524

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1524

[ 69 ] CVE-2014-1525

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1525

[ 70 ] CVE-2014-1526

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1526

[ 71 ] CVE-2014-1529

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1529

[ 72 ] CVE-2014-1530

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1530

[ 73 ] CVE-2014-1531

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1531

[ 74 ] CVE-2014-1532

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1532

[ 75 ] CVE-2014-1533

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533

[ 76 ] CVE-2014-1534

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534

[ 77 ] CVE-2014-1536

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536

[ 78 ] CVE-2014-1537

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537

[ 79 ] CVE-2014-1538

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538

[ 80 ] CVE-2014-1539

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539

[ 81 ] CVE-2014-1540

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540

[ 82 ] CVE-2014-1541

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541

[ 83 ] CVE-2014-1542

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542

[ 84 ] CVE-2014-1543

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543

[ 85 ] CVE-2014-1544

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1544

[ 86 ] CVE-2014-1545

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545

[ 87 ] CVE-2014-1547

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1547

[ 88 ] CVE-2014-1548

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1548

[ 89 ] CVE-2014-1549

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1549

[ 90 ] CVE-2014-1550

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1550

[ 91 ] CVE-2014-1551

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1551

[ 92 ] CVE-2014-1552

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1552

[ 93 ] CVE-2014-1553

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1553

[ 94 ] CVE-2014-1554

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1554

[ 95 ] CVE-2014-1555

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1555

[ 96 ] CVE-2014-1556

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1556

[ 97 ] CVE-2014-1557

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1557

[ 98 ] CVE-2014-1558

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1558

[ 99 ] CVE-2014-1559

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1559

[ 100 ] CVE-2014-1560

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1560

[ 101 ] CVE-2014-1561

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1561

[ 102 ] CVE-2014-1562

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1562

[ 103 ] CVE-2014-1563

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1563

[ 104 ] CVE-2014-1564

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1564

[ 105 ] CVE-2014-1565

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1565

[ 106 ] CVE-2014-1566

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1566

[ 107 ] CVE-2014-1567

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1567

[ 108 ] CVE-2014-1568

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1568

[ 109 ] CVE-2014-1574

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1574

[ 110 ] CVE-2014-1575

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1575

[ 111 ] CVE-2014-1576

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1576

[ 112 ] CVE-2014-1577

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1577

[ 113 ] CVE-2014-1578

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1578

[ 114 ] CVE-2014-1580

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1580

[ 115 ] CVE-2014-1581

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1581

[ 116 ] CVE-2014-1582

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1582

[ 117 ] CVE-2014-1583

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1583

[ 118 ] CVE-2014-1584

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1584

[ 119 ] CVE-2014-1585

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1585

[ 120 ] CVE-2014-1586

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1586

[ 121 ] CVE-2014-1587

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1587

[ 122 ] CVE-2014-1588

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1588

[ 123 ] CVE-2014-1589

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1589

[ 124 ] CVE-2014-1590

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1590

[ 125 ] CVE-2014-1591

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1591

[ 126 ] CVE-2014-1592

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1592

[ 127 ] CVE-2014-1593

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1593

[ 128 ] CVE-2014-1594

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1594

[ 129 ] CVE-2014-5369

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5369

[ 130 ] CVE-2014-8631

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8631

[ 131 ] CVE-2014-8632

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8632

[ 132 ] CVE-2014-8634

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634

[ 133 ] CVE-2014-8635

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635

[ 134 ] CVE-2014-8636

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636

[ 135 ] CVE-2014-8637

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637

[ 136 ] CVE-2014-8638

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638

[ 137 ] CVE-2014-8639

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639

[ 138 ] CVE-2014-8640

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640

[ 139 ] CVE-2014-8641

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641

[ 140 ] CVE-2014-8642

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642

[ 141 ] CVE-2015-0817

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0817

[ 142 ] CVE-2015-0818

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0818

[ 143 ] CVE-2015-0819

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819

[ 144 ] CVE-2015-0820

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820

[ 145 ] CVE-2015-0821

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821

[ 146 ] CVE-2015-0822

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822

[ 147 ] CVE-2015-0823

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823

[ 148 ] CVE-2015-0824

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824

[ 149 ] CVE-2015-0825

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825

[ 150 ] CVE-2015-0826

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826

[ 151 ] CVE-2015-0827

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827

[ 152 ] CVE-2015-0828

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828

[ 153 ] CVE-2015-0829

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829

[ 154 ] CVE-2015-0830

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830

[ 155 ] CVE-2015-0831

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831

[ 156 ] CVE-2015-0832

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832

[ 157 ] CVE-2015-0833

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833

[ 158 ] CVE-2015-0834

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834

[ 159 ] CVE-2015-0835

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835

[ 160 ] CVE-2015-0836

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836

[ 161 ] CVE-2014-1504

 

 

Availability

============

 

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 

https://security.gentoo.org/glsa/201504-01

 

Concerns?

=========

 

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security ( -at -) gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

 

License

=======

 

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

 

http://creativecommons.org/licenses/by-sa/2.5
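
The version test implied by the "Affected packages" table and the Resolution commands, as an added example that is not part of the advisory or of Gentoo's tooling. The names `GLSA_FIXED`, `SAMPLE_INSTALLED`, `ver_lt` and `glsa_vulnerable` are hypothetical, the input format (`category/name version` per line) is an assumption, and only dotted numeric versions with an optional `-rN` revision are compared, not the full Portage version grammar.

```shell
#!/bin/sh
# First unaffected version per package, copied from the advisory's table.
GLSA_FIXED='www-client/firefox 31.5.3
www-client/firefox-bin 31.5.3
mail-client/thunderbird 31.5.0
mail-client/thunderbird-bin 31.5.0
www-client/seamonkey 2.33.1
www-client/seamonkey-bin 2.33.1
dev-libs/nspr 4.10.6'

# Constructed sample inventory (not real host data): "category/name version".
SAMPLE_INSTALLED='www-client/firefox 31.5.0
mail-client/thunderbird 31.5.0
dev-libs/nspr 4.10.4-r1
www-client/seamonkey-bin 2.33.1
app-editors/vim 7.4.273'

# ver_lt A B: succeed when dotted version A is lower than B.
# A trailing -rN revision is ignored; missing components count as 0.
ver_lt() {
    awk -v a="${1%%-r[0-9]*}" -v b="${2%%-r[0-9]*}" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }' </dev/null
}

# glsa_vulnerable: read inventory lines on stdin and print every package
# that this GLSA lists and whose version is below the first unaffected one.
glsa_vulnerable() {
    while read -r pkg ver; do
        fixed=$(printf '%s\n' "$GLSA_FIXED" |
                awk -v p="$pkg" '$1 == p { print $2 }')
        [ -n "$fixed" ] || continue          # package not covered by this GLSA
        if ver_lt "$ver" "$fixed"; then
            printf '%s %s (fixed in %s)\n' "$pkg" "$ver" "$fixed"
        fi
    done
}

printf '%s\n' "$SAMPLE_INSTALLED" | glsa_vulnerable
```

On a live Gentoo system, `glsa-check -t 201504-01` from app-portage/gentoolkit runs the equivalent test against the installed package database.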

 

 

 

 
