[GLSA-201504-01] Mozilla Products: Multiple vulnerabilities
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code.
Background
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an
open-source email client, both from the Mozilla Project. The SeaMonkey
project is a community effort to deliver production-quality releases of
code derived from the application formerly known as the ‘Mozilla
Application Suite’.
Description
Multiple vulnerabilities have been discovered in Firefox, Thunderbird,
and SeaMonkey. Please review the CVE identifiers referenced below for
details.
Impact
A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
the address bar, conduct clickjacking attacks, bypass security
restrictions and protection mechanisms, or have other unspecified
impact.
Workaround
There are no known workarounds at this time.
Resolution
All firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-31.5.3"
All firefox-bin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-31.5.3"
All thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-31.5.0"
All thunderbird-bin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=mail-client/thunderbird-bin-31.5.0"
All seamonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.33.1"
All seamonkey-bin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.33.1"
All nspr users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nspr-4.10.6"
| Package | Affected Version |
|---|---|
 pkg:ebuild/www-client/seamonkey?distro=gentoo
|
< 2.33.1 |
|
pkg:ebuild/www-client/seamonkey-bin?distro=gentoo
|
< 2.33.1 |
|
pkg:ebuild/www-client/firefox?distro=gentoo
|
< 31.5.3 |
|
pkg:ebuild/www-client/firefox-bin?distro=gentoo
|
< 31.5.3 |
|
pkg:ebuild/mail-client/thunderbird?distro=gentoo
|
< 31.5.0 |
|
pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo
|
< 31.5.0 |
|
pkg:ebuild/dev-libs/nspr?distro=gentoo
|
< 4.10.6 |
| Package | Unaffected Version |
|---|---|
|
pkg:ebuild/www-client/seamonkey?distro=gentoo
|
>= 2.33.1 |
|
pkg:ebuild/www-client/seamonkey-bin?distro=gentoo
|
>= 2.33.1 |
|
pkg:ebuild/www-client/firefox?distro=gentoo
|
>= 31.5.3 |
|
pkg:ebuild/www-client/firefox-bin?distro=gentoo
|
>= 31.5.3 |
|
pkg:ebuild/mail-client/thunderbird?distro=gentoo
|
>= 31.5.0 |
|
pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo
|
>= 31.5.0 |
|
pkg:ebuild/dev-libs/nspr?distro=gentoo
|
>= 4.10.6 |
- ID
- GLSA-201504-01
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/201504-01
- Published
-
2015-04-07T00:00:00
(9 years ago) - Modified
-
2015-04-08T00:00:00
(9 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
-
-
ALAS-2013-265
-
ALAS-2013-266
-
ALAS-2014-384
-
ALAS-2014-385
-
ALAS-2014-422
-
ALAS-2014-423
-
ALAS-2014-424
-
DSA-2788-1
-
DSA-2797-1
-
DSA-2800-1
-
DSA-2820-1
-
DSA-2858-1
-
DSA-2881-1
-
DSA-2911-1
-
DSA-2918-1
-
DSA-2924-1
-
DSA-2955-1
-
DSA-2960-1
-
DSA-2962-1
-
DSA-2986-1
-
DSA-2994-1
-
DSA-2996-1
-
DSA-3018-1
-
DSA-3028-1
-
DSA-3033-1
-
DSA-3034-1
-
DSA-3037-1
-
DSA-3050-1
-
DSA-3061-1
-
DSA-3071-1
-
DSA-3090-1
-
DSA-3092-1
-
DSA-3127-1
-
DSA-3132-1
-
DSA-3174-1
-
DSA-3179-1
-
DSA-3201-1
-
ELSA-2013-1476
-
ELSA-2013-1480
-
ELSA-2013-1791
-
ELSA-2013-1812
-
ELSA-2013-1823
-
ELSA-2013-1829
-
ELSA-2014-0132
-
ELSA-2014-0133
-
ELSA-2014-0310
-
ELSA-2014-0316
-
ELSA-2014-0448
-
ELSA-2014-0449
-
ELSA-2014-0741
-
ELSA-2014-0742
-
ELSA-2014-0916
-
ELSA-2014-0917
-
ELSA-2014-0918
-
ELSA-2014-0919
-
ELSA-2014-1073
-
ELSA-2014-1144
-
ELSA-2014-1145
-
ELSA-2014-1246
-
ELSA-2014-1307
-
ELSA-2014-1635
-
ELSA-2014-1647
-
ELSA-2014-1919
-
ELSA-2014-1924
-
ELSA-2015-0046
-
ELSA-2015-0047
-
ELSA-2015-0265
-
ELSA-2015-0266
-
ELSA-2015-0642
-
ELSA-2015-0718
-
FEDORA-2013-22756
-
FEDORA-2013-23139
-
FEDORA-2013-23159
-
FEDORA-2013-23301
-
FEDORA-2013-23479
-
FEDORA-2013-23683
-
FEDORA-2013-23900
-
FEDORA-2013-23922
-
FEDORA-2014-1100
-
FEDORA-2014-1120
-
FEDORA-2014-11518
-
FEDORA-2014-11565
-
FEDORA-2014-11632
-
FEDORA-2014-16530
-
FEDORA-2014-7279
-
FEDORA-2014-7310
-
FEDORA-2014-9919
-
FEDORA-2014-9944
-
FEDORA-2014-9954
-
FEDORA-2015-9161
-
FREEBSD:1753F0FF-8DD5-11E3-9B45-B4B52FCE4CE8
-
FREEBSD:42C98CEF-62B1-4B8B-9065-F4621E08D526
-
FREEBSD:48108FB0-751C-4CBB-8F33-09239EAD4B55
-
FREEBSD:610DE647-AF8D-11E3-A25B-B4B52FCE4CE8
-
FREEBSD:76FF65F4-17CA-4D3F-864A-A3D6026194FB
-
FREEBSD:7AE61870-9DD2-4884-A2F2-F19BB5784D09
-
FREEBSD:81F866AD-41A4-11E3-A4AF-0025905A4771
-
FREEBSD:888A0262-F0D9-11E3-BA0C-B4B52FCE4CE8
-
FREEBSD:978B0F76-122D-11E4-AFE3-BC5FF4FB5E7B
-
FREEBSD:985D4D6C-CFBD-11E3-A003-B4B52FCE4CE8
-
FREEBSD:99029172-8253-407D-9D8B-2CFEAB9ABF81
-
FREEBSD:9C1495AC-8D8C-4789-A0F3-8CA6B476619C
-
FREEBSD:BD62C640-9BB9-11E4-A5AD-000C297FB80F
-
FREEBSD:D9B43004-F5FD-4807-B1D7-DBF66455B244
-
FREEBSD:DD116B19-64B3-11E3-868F-0025905A4771
-
GLSA-201406-19
-
RHBA-2015:0364
-
RHSA-2013:1476
-
RHSA-2013:1480
-
RHSA-2013:1812
-
RHSA-2013:1823
-
RHSA-2013:1829
-
RHSA-2014:0132
-
RHSA-2014:0133
-
RHSA-2014:0310
-
RHSA-2014:0316
-
RHSA-2014:0448
-
RHSA-2014:0449
-
RHSA-2014:0741
-
RHSA-2014:0742
-
RHSA-2014:0916
-
RHSA-2014:0917
-
RHSA-2014:0918
-
RHSA-2014:0919
-
RHSA-2014:1073
-
RHSA-2014:1144
-
RHSA-2014:1145
-
RHSA-2014:1307
-
RHSA-2014:1635
-
RHSA-2014:1647
-
RHSA-2014:1919
-
RHSA-2014:1924
-
RHSA-2015:0046
-
RHSA-2015:0047
-
RHSA-2015:0265
-
RHSA-2015:0266
-
RHSA-2015:0642
-
RHSA-2015:0718
-
SSA:2014-086-04
-
SUSE-SU-2015:0412-1
-
SUSE-SU-2015:0446-1
-
SUSE-SU-2015:0447-1
-
SUSE-SU-2015:0593-1
-
SUSE-SU-2015:0593-2
-
SUSE-SU-2015:0630-1
-
USN-2009-1
-
USN-2010-1
-
USN-2030-1
-
USN-2031-1
-
USN-2032-1
-
USN-2052-1
-
USN-2053-1
-
USN-2087-1
-
USN-2102-1
-
USN-2119-1
-
USN-2150-1
-
USN-2151-1
-
USN-2159-1
-
USN-2185-1
-
USN-2189-1
-
USN-2243-1
-
USN-2250-1
-
USN-2265-1
-
USN-2295-1
-
USN-2296-1
-
USN-2329-1
-
USN-2330-1
-
USN-2343-1
-
USN-2360-1
-
USN-2360-2
-
USN-2361-1
-
USN-2372-1
-
USN-2373-1
-
USN-2424-1
-
USN-2428-1
-
USN-2458-1
-
USN-2460-1
-
USN-2505-1
-
USN-2506-1
-
USN-2538-1
-
VU:772676
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:ebuild/www-client/seamonkey?distro=gentoo | www-client |
seamonkey
|
< 2.33.1 | gentoo | ||
| Unaffected | pkg:ebuild/www-client/seamonkey?distro=gentoo | www-client |
seamonkey
|
>= 2.33.1 | gentoo | ||
| Affected | pkg:ebuild/www-client/seamonkey-bin?distro=gentoo | www-client |
seamonkey-bin
|
< 2.33.1 | gentoo | ||
| Unaffected | pkg:ebuild/www-client/seamonkey-bin?distro=gentoo | www-client |
seamonkey-bin
|
>= 2.33.1 | gentoo | ||
| Affected | pkg:ebuild/www-client/firefox?distro=gentoo | www-client |
firefox
|
< 31.5.3 | gentoo | ||
| Unaffected | pkg:ebuild/www-client/firefox?distro=gentoo | www-client |
firefox
|
>= 31.5.3 | gentoo | ||
| Affected | pkg:ebuild/www-client/firefox-bin?distro=gentoo | www-client |
firefox-bin
|
< 31.5.3 | gentoo | ||
| Unaffected | pkg:ebuild/www-client/firefox-bin?distro=gentoo | www-client |
firefox-bin
|
>= 31.5.3 | gentoo | ||
| Affected | pkg:ebuild/mail-client/thunderbird?distro=gentoo | mail-client |
thunderbird
|
< 31.5.0 | gentoo | ||
| Unaffected | pkg:ebuild/mail-client/thunderbird?distro=gentoo | mail-client |
thunderbird
|
>= 31.5.0 | gentoo | ||
| Affected | pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo | mail-client |
thunderbird-bin
|
< 31.5.0 | gentoo | ||
| Unaffected | pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo | mail-client |
thunderbird-bin
|
>= 31.5.0 | gentoo | ||
| Affected | pkg:ebuild/dev-libs/nspr?distro=gentoo | dev-libs |
nspr
|
< 4.10.6 | gentoo | ||
| Unaffected | pkg:ebuild/dev-libs/nspr?distro=gentoo | dev-libs |
nspr
|
>= 4.10.6 | gentoo |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |