[gentoo-announce] [ GLSA 202007-10 ] Mozilla Firefox: Multiple vulnerabilities - gentoo-announce

From:	Sam James <sam@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 202007-10 ] Mozilla Firefox: Multiple vulnerabilities
Date:	Sun, 26 Jul 2020 23:44:36
Message-Id:	`8C88ACC4-A26D-459C-BC62-EE0C21648B61@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 202007-10

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: Mozilla Firefox: Multiple vulnerabilities

9

     Date: July 26, 2020

10

     Bugs: #730418

11

       ID: 202007-10

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in Mozilla Firefox, the worst

19

of which could result in the arbitrary execution of code.

20

21

Background

22

==========

23

24

Mozilla Firefox is a popular open-source web browser from the Mozilla

25

Project.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package              /     Vulnerable     /            Unaffected

32

    -------------------------------------------------------------------

33

  1  www-client/firefox          < 68.10.0                 >= 68.10.0

34

  2  www-client/firefox-bin      < 68.10.0                 >= 68.10.0

35

    -------------------------------------------------------------------

36

     2 affected packages

37

38

Description

39

===========

40

41

Multiple vulnerabilities have been discovered in Mozilla Firefox.

42

Please review the CVE identifiers referenced below for details.

43

44

Impact

45

======

46

47

Please review the referenced CVE identifiers for details.

48

49

Workaround

50

==========

51

52

There is no known workaround at this time.

53

54

Resolution

55

==========

56

57

All Mozilla Firefox users should upgrade to the latest version:

58

59

  # emerge --sync

60

  # emerge --ask --oneshot --verbose ">=www-client/firefox-68.10.0"

61

62

All Mozilla Firefox binary users should upgrade to the latest version:

63

64

  # emerge --sync

65

  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.10.0"

66

67

References

68

==========

69

70

[  1 ] CVE-2020-12402

71

       https://nvd.nist.gov/vuln/detail/CVE-2020-12402

72

[  2 ] CVE-2020-12415

73

       https://nvd.nist.gov/vuln/detail/CVE-2020-12415

74

[  3 ] CVE-2020-12416

75

       https://nvd.nist.gov/vuln/detail/CVE-2020-12416

76

[  4 ] CVE-2020-12417

77

       https://nvd.nist.gov/vuln/detail/CVE-2020-12417

78

[  5 ] CVE-2020-12418

79

       https://nvd.nist.gov/vuln/detail/CVE-2020-12418

80

[  6 ] CVE-2020-12419

81

       https://nvd.nist.gov/vuln/detail/CVE-2020-12419

82

[  7 ] CVE-2020-12420

83

       https://nvd.nist.gov/vuln/detail/CVE-2020-12420

84

[  8 ] CVE-2020-12421

85

       https://nvd.nist.gov/vuln/detail/CVE-2020-12421

86

[  9 ] CVE-2020-12422

87

       https://nvd.nist.gov/vuln/detail/CVE-2020-12422

88

[ 10 ] CVE-2020-12424

89

       https://nvd.nist.gov/vuln/detail/CVE-2020-12424

90

[ 11 ] CVE-2020-12425

91

       https://nvd.nist.gov/vuln/detail/CVE-2020-12425

92

[ 12 ] CVE-2020-12426

93

       https://nvd.nist.gov/vuln/detail/CVE-2020-12426

94

95

Availability

96

============

97

98

This GLSA and any updates to it are available for viewing at

99

the Gentoo Security Website:

100

101

 https://security.gentoo.org/glsa/202007-10

102

103

Concerns?

104

=========

105

106

Security is a primary focus of Gentoo Linux and ensuring the

107

confidentiality and security of our users' machines is of utmost

108

importance to us. Any security concerns should be addressed to

109

security@g.o or alternatively, you may file a bug at

110

https://bugs.gentoo.org.

111

112

License

113

=======

114

115

Copyright 2020 Gentoo Foundation, Inc; referenced text

116

belongs to its owner(s).

117

118

The contents of this document are licensed under the

119

Creative Commons - Attribution / Share Alike license.

120

121

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 202007-10
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Mozilla Firefox: Multiple vulnerabilities
9	Date: July 26, 2020
10	Bugs: #730418
11	ID: 202007-10
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in Mozilla Firefox, the worst
19	of which could result in the arbitrary execution of code.
20
21	Background
22	==========
23
24	Mozilla Firefox is a popular open-source web browser from the Mozilla
25	Project.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 www-client/firefox < 68.10.0 >= 68.10.0
34	2 www-client/firefox-bin < 68.10.0 >= 68.10.0
35	-------------------------------------------------------------------
36	2 affected packages
37
38	Description
39	===========
40
41	Multiple vulnerabilities have been discovered in Mozilla Firefox.
42	Please review the CVE identifiers referenced below for details.
43
44	Impact
45	======
46
47	Please review the referenced CVE identifiers for details.
48
49	Workaround
50	==========
51
52	There is no known workaround at this time.
53
54	Resolution
55	==========
56
57	All Mozilla Firefox users should upgrade to the latest version:
58
59	# emerge --sync
60	# emerge --ask --oneshot --verbose ">=www-client/firefox-68.10.0"
61
62	All Mozilla Firefox binary users should upgrade to the latest version:
63
64	# emerge --sync
65	# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.10.0"
66
67	References
68	==========
69
70	[ 1 ] CVE-2020-12402
71	https://nvd.nist.gov/vuln/detail/CVE-2020-12402
72	[ 2 ] CVE-2020-12415
73	https://nvd.nist.gov/vuln/detail/CVE-2020-12415
74	[ 3 ] CVE-2020-12416
75	https://nvd.nist.gov/vuln/detail/CVE-2020-12416
76	[ 4 ] CVE-2020-12417
77	https://nvd.nist.gov/vuln/detail/CVE-2020-12417
78	[ 5 ] CVE-2020-12418
79	https://nvd.nist.gov/vuln/detail/CVE-2020-12418
80	[ 6 ] CVE-2020-12419
81	https://nvd.nist.gov/vuln/detail/CVE-2020-12419
82	[ 7 ] CVE-2020-12420
83	https://nvd.nist.gov/vuln/detail/CVE-2020-12420
84	[ 8 ] CVE-2020-12421
85	https://nvd.nist.gov/vuln/detail/CVE-2020-12421
86	[ 9 ] CVE-2020-12422
87	https://nvd.nist.gov/vuln/detail/CVE-2020-12422
88	[ 10 ] CVE-2020-12424
89	https://nvd.nist.gov/vuln/detail/CVE-2020-12424
90	[ 11 ] CVE-2020-12425
91	https://nvd.nist.gov/vuln/detail/CVE-2020-12425
92	[ 12 ] CVE-2020-12426
93	https://nvd.nist.gov/vuln/detail/CVE-2020-12426
94
95	Availability
96	============
97
98	This GLSA and any updates to it are available for viewing at
99	the Gentoo Security Website:
100
101	https://security.gentoo.org/glsa/202007-10
102
103	Concerns?
104	=========
105
106	Security is a primary focus of Gentoo Linux and ensuring the
107	confidentiality and security of our users' machines is of utmost
108	importance to us. Any security concerns should be addressed to
109	security@g.o or alternatively, you may file a bug at
110	https://bugs.gentoo.org.
111
112	License
113	=======
114
115	Copyright 2020 Gentoo Foundation, Inc; referenced text
116	belongs to its owner(s).
117
118	The contents of this document are licensed under the
119	Creative Commons - Attribution / Share Alike license.
120
121	https://creativecommons.org/licenses/by-sa/2.5