[GLSA-201309-23] Mozilla Products: Multiple vulnerabilities

Severity High
Affected Packages 6
Unaffected Packages 6
CVEs 100

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may allow a remote user to execute arbitrary code.

Background
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
‘Mozilla Application Suite’.

Description
Multiple vulnerabilities have been discovered in Mozilla Firefox,
Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced
below for details.

Impact
A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Further, a remote attacker could conduct XSS
attacks, spoof URLs, bypass address space layout randomization, conduct
clickjacking attacks, obtain potentially sensitive information, bypass
access restrictions, modify the local filesystem, or conduct other
unspecified attacks.

Workaround
There is no known workaround at this time.

Resolution
All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9"

All users of the Mozilla Firefox binary package should upgrade to the
latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9"

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9"

All users of the Mozilla Thunderbird binary package should upgrade to
the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-17.0.9"

All SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21"

All users of the Mozilla SeaMonkey binary package should upgrade to the
latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21"
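
A check to run before or after the upgrades above, as an added example that is not part of the Gentoo advisory: it compares installed package versions against the fixed versions this GLSA lists. The function names, the `qlist -Iv` style input format, and the sample package list are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of GLSA-201309-23: list installed packages that are
# still below the fixed versions this advisory names.

# Fixed ("unaffected") version per package, copied from the advisory.
fixed_version() {
    case "$1" in
        www-client/firefox|www-client/firefox-bin)           echo 17.0.9 ;;
        mail-client/thunderbird|mail-client/thunderbird-bin) echo 17.0.9 ;;
        www-client/seamonkey|www-client/seamonkey-bin)       echo 2.21 ;;
        *) return 1 ;;
    esac
}

# True when version $1 is strictly older than $2.
# Assumption: plain dotted numbers; `sort -V` stands in for Portage's own
# comparison and does not model suffixes such as _rc or _p.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Read "category/name-version[-rN]" lines on stdin (assumed to match what
# `qlist -Iv` prints) and emit "package installed fixed" for affected ones.
check_installed() {
    sed -E 's/-r[0-9]+$//' | while IFS= read -r cpv; do
        name=${cpv%-*}      # strip the trailing "-version"
        ver=${cpv##*-}      # keep only the version
        if fixed=$(fixed_version "$name") && version_lt "$ver" "$fixed"; then
            printf '%s %s %s\n' "$name" "$ver" "$fixed"
        fi
    done
}

# Constructed sample input; on a real host pipe `qlist -Iv` in instead.
SAMPLE='www-client/firefox-17.0.8
www-client/firefox-bin-17.0.10
mail-client/thunderbird-17.0.9
www-client/seamonkey-bin-2.20-r1
app-editors/vim-7.4'

printf '%s\n' "$SAMPLE" | check_installed
```

The `17.0.10` entry is there because a plain string comparison would rank it below `17.0.9`; the version sort does not.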

ID
GLSA-201309-23
Severity
high
URL
https://security.gentoo.org/glsa/201309-23
Published
2013-09-27T00:00:00
Modified
2013-09-27T00:00:00
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2013-0744 CVE-2013-0744 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744
CVE CVE-2013-0745 CVE-2013-0745 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745
CVE CVE-2013-0746 CVE-2013-0746 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746
CVE CVE-2013-0747 CVE-2013-0747 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747
CVE CVE-2013-0748 CVE-2013-0748 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748
CVE CVE-2013-0749 CVE-2013-0749 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749
CVE CVE-2013-0750 CVE-2013-0750 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750
CVE CVE-2013-0751 CVE-2013-0751 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751
CVE CVE-2013-0752 CVE-2013-0752 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752
CVE CVE-2013-0753 CVE-2013-0753 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753
CVE CVE-2013-0754 CVE-2013-0754 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754
CVE CVE-2013-0755 CVE-2013-0755 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755
CVE CVE-2013-0756 CVE-2013-0756 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756
CVE CVE-2013-0757 CVE-2013-0757 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757
CVE CVE-2013-0758 CVE-2013-0758 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758
CVE CVE-2013-0759 CVE-2013-0759 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759
CVE CVE-2013-0760 CVE-2013-0760 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760
CVE CVE-2013-0761 CVE-2013-0761 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761
CVE CVE-2013-0762 CVE-2013-0762 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762
CVE CVE-2013-0763 CVE-2013-0763 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763
CVE CVE-2013-0764 CVE-2013-0764 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764
CVE CVE-2013-0765 CVE-2013-0765 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0765
CVE CVE-2013-0766 CVE-2013-0766 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766
CVE CVE-2013-0767 CVE-2013-0767 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767
CVE CVE-2013-0768 CVE-2013-0768 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768
CVE CVE-2013-0769 CVE-2013-0769 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769
CVE CVE-2013-0770 CVE-2013-0770 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770
CVE CVE-2013-0771 CVE-2013-0771 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771
CVE CVE-2013-0772 CVE-2013-0772 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0772
CVE CVE-2013-0773 CVE-2013-0773 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0773
CVE CVE-2013-0774 CVE-2013-0774 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0774
CVE CVE-2013-0775 CVE-2013-0775 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0775
CVE CVE-2013-0776 CVE-2013-0776 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0776
CVE CVE-2013-0777 CVE-2013-0777 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0777
CVE CVE-2013-0778 CVE-2013-0778 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0778
CVE CVE-2013-0779 CVE-2013-0779 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0779
CVE CVE-2013-0780 CVE-2013-0780 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0780
CVE CVE-2013-0781 CVE-2013-0781 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0781
CVE CVE-2013-0782 CVE-2013-0782 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0782
CVE CVE-2013-0783 CVE-2013-0783 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0783
CVE CVE-2013-0784 CVE-2013-0784 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0784
CVE CVE-2013-0787 CVE-2013-0787 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0787
CVE CVE-2013-0788 CVE-2013-0788 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0788
CVE CVE-2013-0789 CVE-2013-0789 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0789
CVE CVE-2013-0791 CVE-2013-0791 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0791
CVE CVE-2013-0792 CVE-2013-0792 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0792
CVE CVE-2013-0793 CVE-2013-0793 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0793
CVE CVE-2013-0794 CVE-2013-0794 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0794
CVE CVE-2013-0795 CVE-2013-0795 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0795
CVE CVE-2013-0796 CVE-2013-0796 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0796
CVE CVE-2013-0797 CVE-2013-0797 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0797
CVE CVE-2013-0799 CVE-2013-0799 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0799
CVE CVE-2013-0800 CVE-2013-0800 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0800
CVE CVE-2013-0801 CVE-2013-0801 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801
CVE CVE-2013-1670 CVE-2013-1670 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670
CVE CVE-2013-1671 CVE-2013-1671 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671
CVE CVE-2013-1674 CVE-2013-1674 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674
CVE CVE-2013-1675 CVE-2013-1675 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675
CVE CVE-2013-1676 CVE-2013-1676 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676
CVE CVE-2013-1677 CVE-2013-1677 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677
CVE CVE-2013-1678 CVE-2013-1678 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678
CVE CVE-2013-1679 CVE-2013-1679 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679
CVE CVE-2013-1680 CVE-2013-1680 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680
CVE CVE-2013-1681 CVE-2013-1681 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681
CVE CVE-2013-1682 CVE-2013-1682 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1682
CVE CVE-2013-1684 CVE-2013-1684 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1684
CVE CVE-2013-1687 CVE-2013-1687 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1687
CVE CVE-2013-1690 CVE-2013-1690 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1690
CVE CVE-2013-1692 CVE-2013-1692 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1692
CVE CVE-2013-1693 CVE-2013-1693 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1693
CVE CVE-2013-1694 CVE-2013-1694 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1694
CVE CVE-2013-1697 CVE-2013-1697 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1697
CVE CVE-2013-1701 CVE-2013-1701 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1701
CVE CVE-2013-1702 CVE-2013-1702 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1702
CVE CVE-2013-1704 CVE-2013-1704 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1704
CVE CVE-2013-1705 CVE-2013-1705 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1705
CVE CVE-2013-1707 CVE-2013-1707 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1707
CVE CVE-2013-1708 CVE-2013-1708 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1708
CVE CVE-2013-1709 CVE-2013-1709 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1709
CVE CVE-2013-1710 CVE-2013-1710 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1710
CVE CVE-2013-1711 CVE-2013-1711 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1711
CVE CVE-2013-1712 CVE-2013-1712 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1712
CVE CVE-2013-1713 CVE-2013-1713 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1713
CVE CVE-2013-1714 CVE-2013-1714 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1714
CVE CVE-2013-1717 CVE-2013-1717 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1717
CVE CVE-2013-1718 CVE-2013-1718 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1718
CVE CVE-2013-1719 CVE-2013-1719 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1719
CVE CVE-2013-1720 CVE-2013-1720 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1720
CVE CVE-2013-1722 CVE-2013-1722 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1722
CVE CVE-2013-1723 CVE-2013-1723 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1723
CVE CVE-2013-1724 CVE-2013-1724 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1724
CVE CVE-2013-1725 CVE-2013-1725 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1725
CVE CVE-2013-1726 CVE-2013-1726 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1726
CVE CVE-2013-1728 CVE-2013-1728 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1728
CVE CVE-2013-1730 CVE-2013-1730 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1730
CVE CVE-2013-1732 CVE-2013-1732 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1732
CVE CVE-2013-1735 CVE-2013-1735 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1735
CVE CVE-2013-1736 CVE-2013-1736 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1736
CVE CVE-2013-1737 CVE-2013-1737 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1737
CVE CVE-2013-1738 CVE-2013-1738 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1738
Bugzilla 450940 Bugzilla #450940 https://bugs.gentoo.org/show_bug.cgi?id=450940
Bugzilla 458390 Bugzilla #458390 https://bugs.gentoo.org/show_bug.cgi?id=458390
Bugzilla 460818 Bugzilla #460818 https://bugs.gentoo.org/show_bug.cgi?id=460818
Bugzilla 464226 Bugzilla #464226 https://bugs.gentoo.org/show_bug.cgi?id=464226
Bugzilla 469868 Bugzilla #469868 https://bugs.gentoo.org/show_bug.cgi?id=469868
Bugzilla 474758 Bugzilla #474758 https://bugs.gentoo.org/show_bug.cgi?id=474758
Bugzilla 479968 Bugzilla #479968 https://bugs.gentoo.org/show_bug.cgi?id=479968
Bugzilla 485258 Bugzilla #485258 https://bugs.gentoo.org/show_bug.cgi?id=485258
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/www-client/seamonkey?distro=gentoo www-client seamonkey < 2.21 gentoo
Unaffected pkg:ebuild/www-client/seamonkey?distro=gentoo www-client seamonkey >= 2.21 gentoo
Affected pkg:ebuild/www-client/seamonkey-bin?distro=gentoo www-client seamonkey-bin < 2.21 gentoo
Unaffected pkg:ebuild/www-client/seamonkey-bin?distro=gentoo www-client seamonkey-bin >= 2.21 gentoo
Affected pkg:ebuild/www-client/firefox?distro=gentoo www-client firefox < 17.0.9 gentoo
Unaffected pkg:ebuild/www-client/firefox?distro=gentoo www-client firefox >= 17.0.9 gentoo
Affected pkg:ebuild/www-client/firefox-bin?distro=gentoo www-client firefox-bin < 17.0.9 gentoo
Unaffected pkg:ebuild/www-client/firefox-bin?distro=gentoo www-client firefox-bin >= 17.0.9 gentoo
Affected pkg:ebuild/mail-client/thunderbird?distro=gentoo mail-client thunderbird < 17.0.9 gentoo
Unaffected pkg:ebuild/mail-client/thunderbird?distro=gentoo mail-client thunderbird >= 17.0.9 gentoo
Affected pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo mail-client thunderbird-bin < 17.0.9 gentoo
Unaffected pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo mail-client thunderbird-bin >= 17.0.9 gentoo