1. Home
  2. Security Advisories
  3. Gentoo
  4. GLSA-201810-01

[GLSA-201810-01] Mozilla Firefox: Multiple vulnerabilities

Severity High
Affected Packages 2
Unaffected Packages 2
CVEs 44
Info Packages References Vulnerabilities

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.

Background
Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.

Description
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the referenced CVE identifiers for details.

Impact
A remote attacker could entice a user to view a specially crafted web
page, possibly resulting in the execution of arbitrary code with the
privileges of the process or a Denial of Service condition. Furthermore,
a remote attacker may be able to perform Man-in-the-Middle attacks,
obtain sensitive information, spoof the address bar, conduct clickjacking
attacks, bypass security restrictions and protection mechanisms, or have
other unspecified impact.

Workaround
There is no known workaround at this time.

Resolution
All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-60.2.2"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.2.2"

Package Affected Version
pkg:ebuild/www-client/firefox?distro=gentoo < 60.2.2
pkg:ebuild/www-client/firefox-bin?distro=gentoo < 60.2.2
Package Unaffected Version
pkg:ebuild/www-client/firefox?distro=gentoo >= 60.2.2
pkg:ebuild/www-client/firefox-bin?distro=gentoo >= 60.2.2
ID
GLSA-201810-01
Severity
high
URL
https://security.gentoo.org/glsa/201810-01
Published
2018-10-02T00:00:00
(6 years ago)
Modified
2018-10-02T00:00:00
(6 years ago)
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2017-16541 CVE-2017-16541 https://nvd.nist.gov/vuln/detail/CVE-2017-16541
CVE CVE-2018-12358 CVE-2018-12358 https://nvd.nist.gov/vuln/detail/CVE-2018-12358
CVE CVE-2018-12359 CVE-2018-12359 https://nvd.nist.gov/vuln/detail/CVE-2018-12359
CVE CVE-2018-12360 CVE-2018-12360 https://nvd.nist.gov/vuln/detail/CVE-2018-12360
CVE CVE-2018-12361 CVE-2018-12361 https://nvd.nist.gov/vuln/detail/CVE-2018-12361
CVE CVE-2018-12362 CVE-2018-12362 https://nvd.nist.gov/vuln/detail/CVE-2018-12362
CVE CVE-2018-12363 CVE-2018-12363 https://nvd.nist.gov/vuln/detail/CVE-2018-12363
CVE CVE-2018-12364 CVE-2018-12364 https://nvd.nist.gov/vuln/detail/CVE-2018-12364
CVE CVE-2018-12365 CVE-2018-12365 https://nvd.nist.gov/vuln/detail/CVE-2018-12365
CVE CVE-2018-12366 CVE-2018-12366 https://nvd.nist.gov/vuln/detail/CVE-2018-12366
CVE CVE-2018-12367 CVE-2018-12367 https://nvd.nist.gov/vuln/detail/CVE-2018-12367
CVE CVE-2018-12368 CVE-2018-12368 https://nvd.nist.gov/vuln/detail/CVE-2018-12368
CVE CVE-2018-12369 CVE-2018-12369 https://nvd.nist.gov/vuln/detail/CVE-2018-12369
CVE CVE-2018-12370 CVE-2018-12370 https://nvd.nist.gov/vuln/detail/CVE-2018-12370
CVE CVE-2018-12371 CVE-2018-12371 https://nvd.nist.gov/vuln/detail/CVE-2018-12371
CVE CVE-2018-12376 CVE-2018-12376 https://nvd.nist.gov/vuln/detail/CVE-2018-12376
CVE CVE-2018-12377 CVE-2018-12377 https://nvd.nist.gov/vuln/detail/CVE-2018-12377
CVE CVE-2018-12378 CVE-2018-12378 https://nvd.nist.gov/vuln/detail/CVE-2018-12378
CVE CVE-2018-12379 CVE-2018-12379 https://nvd.nist.gov/vuln/detail/CVE-2018-12379
CVE CVE-2018-12381 CVE-2018-12381 https://nvd.nist.gov/vuln/detail/CVE-2018-12381
CVE CVE-2018-12383 CVE-2018-12383 https://nvd.nist.gov/vuln/detail/CVE-2018-12383
CVE CVE-2018-12385 CVE-2018-12385 https://nvd.nist.gov/vuln/detail/CVE-2018-12385
CVE CVE-2018-12386 CVE-2018-12386 https://nvd.nist.gov/vuln/detail/CVE-2018-12386
CVE CVE-2018-12387 CVE-2018-12387 https://nvd.nist.gov/vuln/detail/CVE-2018-12387
CVE CVE-2018-5125 CVE-2018-5125 https://nvd.nist.gov/vuln/detail/CVE-2018-5125
CVE CVE-2018-5127 CVE-2018-5127 https://nvd.nist.gov/vuln/detail/CVE-2018-5127
CVE CVE-2018-5129 CVE-2018-5129 https://nvd.nist.gov/vuln/detail/CVE-2018-5129
CVE CVE-2018-5130 CVE-2018-5130 https://nvd.nist.gov/vuln/detail/CVE-2018-5130
CVE CVE-2018-5131 CVE-2018-5131 https://nvd.nist.gov/vuln/detail/CVE-2018-5131
CVE CVE-2018-5144 CVE-2018-5144 https://nvd.nist.gov/vuln/detail/CVE-2018-5144
CVE CVE-2018-5150 CVE-2018-5150 https://nvd.nist.gov/vuln/detail/CVE-2018-5150
CVE CVE-2018-5154 CVE-2018-5154 https://nvd.nist.gov/vuln/detail/CVE-2018-5154
CVE CVE-2018-5155 CVE-2018-5155 https://nvd.nist.gov/vuln/detail/CVE-2018-5155
CVE CVE-2018-5156 CVE-2018-5156 https://nvd.nist.gov/vuln/detail/CVE-2018-5156
CVE CVE-2018-5157 CVE-2018-5157 https://nvd.nist.gov/vuln/detail/CVE-2018-5157
CVE CVE-2018-5158 CVE-2018-5158 https://nvd.nist.gov/vuln/detail/CVE-2018-5158
CVE CVE-2018-5159 CVE-2018-5159 https://nvd.nist.gov/vuln/detail/CVE-2018-5159
CVE CVE-2018-5168 CVE-2018-5168 https://nvd.nist.gov/vuln/detail/CVE-2018-5168
CVE CVE-2018-5178 CVE-2018-5178 https://nvd.nist.gov/vuln/detail/CVE-2018-5178
CVE CVE-2018-5183 CVE-2018-5183 https://nvd.nist.gov/vuln/detail/CVE-2018-5183
CVE CVE-2018-5186 CVE-2018-5186 https://nvd.nist.gov/vuln/detail/CVE-2018-5186
CVE CVE-2018-5187 CVE-2018-5187 https://nvd.nist.gov/vuln/detail/CVE-2018-5187
CVE CVE-2018-5188 CVE-2018-5188 https://nvd.nist.gov/vuln/detail/CVE-2018-5188
CVE CVE-2018-6126 CVE-2018-6126 https://nvd.nist.gov/vuln/detail/CVE-2018-6126
Bugzilla 650422 Bugzilla #650422 https://bugs.gentoo.org/show_bug.cgi?id=650422
Bugzilla 657976 Bugzilla #657976 https://bugs.gentoo.org/show_bug.cgi?id=657976
Bugzilla 659432 Bugzilla #659432 https://bugs.gentoo.org/show_bug.cgi?id=659432
Bugzilla 665496 Bugzilla #665496 https://bugs.gentoo.org/show_bug.cgi?id=665496
Bugzilla 666760 Bugzilla #666760 https://bugs.gentoo.org/show_bug.cgi?id=666760
Bugzilla 667612 Bugzilla #667612 https://bugs.gentoo.org/show_bug.cgi?id=667612
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/www-client/firefox?distro=gentoo www-client firefox < 60.2.2 gentoo
Unaffected pkg:ebuild/www-client/firefox?distro=gentoo www-client firefox >= 60.2.2 gentoo
Affected pkg:ebuild/www-client/firefox-bin?distro=gentoo www-client firefox-bin < 60.2.2 gentoo
Unaffected pkg:ebuild/www-client/firefox-bin?distro=gentoo www-client firefox-bin >= 60.2.2 gentoo
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date