Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[gentoo-announce] [ GLSA 201512-10 ] Mozilla Products: Multiple vulnerabilities

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 201512-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

https://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Severity: Normal

Title: Mozilla Products: Multiple vulnerabilities

Date: December 30, 2015

Bugs: #545232, #554036, #556942, #564818, #568376

ID: 201512-10

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Synopsis

========

 

Multiple vulnerabilities have been found in Mozilla Firefox and

Thunderbird, the worst of which may allow user-assisted execution of

arbitrary code.

 

Background

==========

 

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird

an open-source email client, both from the Mozilla Project.

 

Affected packages

=================

 

-------------------------------------------------------------------

Package / Vulnerable / Unaffected

-------------------------------------------------------------------

1 www-client/firefox < 38.5.0 >= 38.5.0

2 www-client/firefox-bin < 38.5.0 >= 38.5.0

3 mail-client/thunderbird < 38.5.0 >= 38.5.0

4 mail-client/thunderbird-bin

< 38.5.0 >= 38.5.0

-------------------------------------------------------------------

4 affected packages

 

Description

===========

 

Multiple vulnerabilities have been discovered in Mozilla Firefox and

Mozilla Thunderbird. Please review the CVE identifiers referenced below

for details.

 

Impact

======

 

A remote attacker could entice a user to view a specially crafted web

page or email, possibly resulting in execution of arbitrary code or a

Denial of Service condition.

 

Workaround

==========

 

There is no known workaround at this time.

 

Resolution

==========

 

All Firefox users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0"

 

All Firefox-bin users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0"

 

All Thunderbird users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0"

 

All Thunderbird-bin users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.5.0"

 

References

==========

 

[ 1 ] CVE-2015-0798

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0798

[ 2 ] CVE-2015-0799

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0799

[ 3 ] CVE-2015-0801

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0801

[ 4 ] CVE-2015-0802

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0802

[ 5 ] CVE-2015-0803

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0803

[ 6 ] CVE-2015-0804

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0804

[ 7 ] CVE-2015-0805

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0805

[ 8 ] CVE-2015-0806

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0806

[ 9 ] CVE-2015-0807

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0807

[ 10 ] CVE-2015-0808

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0808

[ 11 ] CVE-2015-0810

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0810

[ 12 ] CVE-2015-0811

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0811

[ 13 ] CVE-2015-0812

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0812

[ 14 ] CVE-2015-0813

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0813

[ 15 ] CVE-2015-0814

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0814

[ 16 ] CVE-2015-0815

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0815

[ 17 ] CVE-2015-0816

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0816

[ 18 ] CVE-2015-2706

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2706

[ 19 ] CVE-2015-2721

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721

[ 20 ] CVE-2015-2722

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2722

[ 21 ] CVE-2015-2724

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2724

[ 22 ] CVE-2015-2725

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2725

[ 23 ] CVE-2015-2726

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2726

[ 24 ] CVE-2015-2727

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2727

[ 25 ] CVE-2015-2728

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2728

[ 26 ] CVE-2015-2729

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2729

[ 27 ] CVE-2015-2730

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2730

[ 28 ] CVE-2015-2731

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2731

[ 29 ] CVE-2015-2733

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2733

[ 30 ] CVE-2015-2734

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2734

[ 31 ] CVE-2015-2735

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2735

[ 32 ] CVE-2015-2736

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2736

[ 33 ] CVE-2015-2737

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2737

[ 34 ] CVE-2015-2738

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2738

[ 35 ] CVE-2015-2739

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2739

[ 36 ] CVE-2015-2740

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2740

[ 37 ] CVE-2015-2741

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2741

[ 38 ] CVE-2015-2742

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2742

[ 39 ] CVE-2015-2743

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2743

[ 40 ] CVE-2015-2808

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2808

[ 41 ] CVE-2015-4000

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000

[ 42 ] CVE-2015-4495

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4495

[ 43 ] CVE-2015-4513

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4513

[ 44 ] CVE-2015-4514

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4514

[ 45 ] CVE-2015-4515

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4515

[ 46 ] CVE-2015-4518

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4518

[ 47 ] CVE-2015-7181

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181

[ 48 ] CVE-2015-7182

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182

[ 49 ] CVE-2015-7183

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183

[ 50 ] CVE-2015-7187

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7187

[ 51 ] CVE-2015-7188

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7188

[ 52 ] CVE-2015-7189

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7189

[ 53 ] CVE-2015-7191

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7191

[ 54 ] CVE-2015-7192

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7192

[ 55 ] CVE-2015-7193

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7193

[ 56 ] CVE-2015-7194

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7194

[ 57 ] CVE-2015-7195

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7195

[ 58 ] CVE-2015-7196

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7196

[ 59 ] CVE-2015-7197

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7197

[ 60 ] CVE-2015-7198

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7198

[ 61 ] CVE-2015-7199

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7199

[ 62 ] CVE-2015-7200

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7200

[ 63 ] CVE-2015-7201

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7201

[ 64 ] CVE-2015-7202

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7202

[ 65 ] CVE-2015-7203

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7203

[ 66 ] CVE-2015-7204

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7204

[ 67 ] CVE-2015-7205

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7205

[ 68 ] CVE-2015-7207

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7207

[ 69 ] CVE-2015-7208

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7208

[ 70 ] CVE-2015-7210

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7210

[ 71 ] CVE-2015-7211

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7211

[ 72 ] CVE-2015-7212

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7212

[ 73 ] CVE-2015-7213

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7213

[ 74 ] CVE-2015-7214

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7214

[ 75 ] CVE-2015-7215

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7215

[ 76 ] CVE-2015-7216

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7216

[ 77 ] CVE-2015-7217

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7217

[ 78 ] CVE-2015-7218

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7218

[ 79 ] CVE-2015-7219

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7219

[ 80 ] CVE-2015-7220

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7220

[ 81 ] CVE-2015-7221

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7221

[ 82 ] CVE-2015-7222

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7222

[ 83 ] CVE-2015-7223

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7223

 

Availability

============

 

This GLSA and any updates to it are available for viewing at

the Gentoo Security Website:

 

https://security.gentoo.org/glsa/201512-10

 

Concerns?

=========

 

Security is a primary focus of Gentoo Linux and ensuring the

confidentiality and security of our users' machines is of utmost

importance to us. Any security concerns should be addressed to

security ( -at -) gentoo.org or alternatively, you may file a bug at

https://bugs.gentoo.org.

 

License

=======

 

Copyright 2015 Gentoo Foundation, Inc; referenced text

belongs to its owner(s).

 

The contents of this document are licensed under the

Creative Commons - Attribution / Share Alike license.

 

http://creativecommons.org/licenses/by-sa/2.5

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×