Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202003-02 ] Mozilla Firefox: Multiple vulnerabilities
Date: Thu, 12 Mar 2020 19:17:09
Message-Id: 9190da9d-1fe4-4314-46ca-52bcdae2167b@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202003-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Mozilla Firefox: Multiple vulnerabilities
     Date: March 12, 2020
     Bugs: #702638, #705000, #709346, #712182
       ID: 202003-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst
of which may allow execution of arbitrary code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox           < 68.6.0                  >= 68.6.0
  2  www-client/firefox-bin       < 68.6.0                  >= 68.6.0
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web
page, possibly resulting in the execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to perform Man-in-the-Middle
attacks, obtain sensitive information, spoof the address bar, conduct
clickjacking attacks, bypass security restrictions and protection
mechanisms, or have other unspecified impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-68.6.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.6.0"
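
One way to check a package list against the Affected packages table before and after the upgrade, as an added example that is not part of the advisory. It assumes one installed `category/package-version` atom per line (the form `qlist -Iv` from portage-utils prints), plain dotted versions with an optional `-rN` revision, and GNU `sort -V`; the function names and sample atoms are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of GLSA 202003-02: flag Firefox atoms that fall
# in the "Vulnerable" column of the advisory table (< 68.6.0).
FIXED="68.6.0"   # first unaffected version, taken from the advisory

# version_lt A B: true when A sorts strictly before B (needs GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_status ATOM: prints vulnerable, unaffected or not-applicable for an
# atom such as www-client/firefox-68.5.0-r1.
glsa_status() {
    case "$1" in
        www-client/firefox-bin-[0-9]*) ver=${1#www-client/firefox-bin-} ;;
        www-client/firefox-[0-9]*)     ver=${1#www-client/firefox-} ;;
        *) echo "not-applicable"; return 0 ;;
    esac
    ver=${ver%-r[0-9]*}   # drop the ebuild revision (-rN); upstream version stays
    if version_lt "$ver" "$FIXED"; then echo "vulnerable"; else echo "unaffected"; fi
}

# scan_atoms: reads atoms on stdin, prints "STATUS ATOM" for the two packages
# the advisory names, and returns 1 if any of them is vulnerable.
scan_atoms() {
    rc=0
    while IFS= read -r atom; do
        status=$(glsa_status "$atom")
        if [ "$status" = "not-applicable" ]; then continue; fi
        printf '%s %s\n' "$status" "$atom"
        if [ "$status" = "vulnerable" ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample input (assumed shape: one installed atom per line).
sample_atoms() {
    printf '%s\n' \
        "app-editors/vim-8.2.0360" \
        "www-client/firefox-68.5.0-r1" \
        "www-client/firefox-bin-68.6.0"
}

sample_atoms | scan_atoms || echo "upgrade needed: see Resolution above"
```

On a real host, replace `sample_atoms` with the installed-package listing; a non-zero return from `scan_atoms` means at least one of the two packages is still below 68.6.0.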

References
==========

[ 1 ] CVE-2019-11745
      https://nvd.nist.gov/vuln/detail/CVE-2019-11745
[ 2 ] CVE-2019-17005
      https://nvd.nist.gov/vuln/detail/CVE-2019-17005
[ 3 ] CVE-2019-17008
      https://nvd.nist.gov/vuln/detail/CVE-2019-17008
[ 4 ] CVE-2019-17010
      https://nvd.nist.gov/vuln/detail/CVE-2019-17010
[ 5 ] CVE-2019-17011
      https://nvd.nist.gov/vuln/detail/CVE-2019-17011
[ 6 ] CVE-2019-17012
      https://nvd.nist.gov/vuln/detail/CVE-2019-17012
[ 7 ] CVE-2019-17016
      https://nvd.nist.gov/vuln/detail/CVE-2019-17016
[ 8 ] CVE-2019-17017
      https://nvd.nist.gov/vuln/detail/CVE-2019-17017
[ 9 ] CVE-2019-17022
      https://nvd.nist.gov/vuln/detail/CVE-2019-17022
[ 10 ] CVE-2019-17024
       https://nvd.nist.gov/vuln/detail/CVE-2019-17024
[ 11 ] CVE-2019-17026
       https://nvd.nist.gov/vuln/detail/CVE-2019-17026
[ 12 ] CVE-2019-20503
       https://nvd.nist.gov/vuln/detail/CVE-2019-20503
[ 13 ] CVE-2020-6796
       https://nvd.nist.gov/vuln/detail/CVE-2020-6796
[ 14 ] CVE-2020-6797
       https://nvd.nist.gov/vuln/detail/CVE-2020-6797
[ 15 ] CVE-2020-6798
       https://nvd.nist.gov/vuln/detail/CVE-2020-6798
[ 16 ] CVE-2020-6799
       https://nvd.nist.gov/vuln/detail/CVE-2020-6799
[ 17 ] CVE-2020-6800
       https://nvd.nist.gov/vuln/detail/CVE-2020-6800
[ 18 ] CVE-2020-6805
       https://nvd.nist.gov/vuln/detail/CVE-2020-6805
[ 19 ] CVE-2020-6806
       https://nvd.nist.gov/vuln/detail/CVE-2020-6806
[ 20 ] CVE-2020-6807
       https://nvd.nist.gov/vuln/detail/CVE-2020-6807
[ 21 ] CVE-2020-6811
       https://nvd.nist.gov/vuln/detail/CVE-2020-6811
[ 22 ] CVE-2020-6812
       https://nvd.nist.gov/vuln/detail/CVE-2020-6812
[ 23 ] CVE-2020-6814
       https://nvd.nist.gov/vuln/detail/CVE-2020-6814
[ 24 ] MFSA-2019-37
       https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
[ 25 ] MFSA-2020-03
       https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
[ 26 ] MFSA-2020-06
       https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/
[ 27 ] MFSA-2020-09
       https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202003-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
