Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201904-07 ] Mozilla Thunderbird and Firefox: Multiple vulnerabilities
Date: Tue, 02 Apr 2019 04:52:09
Message-Id: 20190402043345.GG29674@monkey

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201904-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Thunderbird and Firefox: Multiple vulnerabilities
Date: April 02, 2019
Bugs: #676954, #678072, #681834, #681836
ID: 201904-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Thunderbird and
Firefox, the worst of which could lead to the execution of arbitrary
code.

Background
==========

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.
Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /          Unaffected
    -------------------------------------------------------------------
  1  mail-client/thunderbird         < 60.6.1               >= 60.6.1
  2  mail-client/thunderbird-bin     < 60.6.1               >= 60.6.1
  3  www-client/firefox              < 60.6.1               >= 60.6.1
  4  www-client/firefox-bin          < 60.6.1               >= 60.6.1
    -------------------------------------------------------------------
     4 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird
and Firefox. Please review the referenced Mozilla Foundation Security
Advisories and CVE identifiers below for details.

Impact
======

Please review the referenced Mozilla Foundation Security Advisories and
CVE identifiers below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-60.6.1"

All Thunderbird bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-60.6.1"

All Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-60.6.1"

All Firefox bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.6.1"
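
An added example, not part of the advisory: a POSIX shell check that reads installed package atoms and flags any of the four affected packages still below the fixed version 60.6.1. The sample input is constructed in the `category/package-version` form that `qlist -Iv` (app-portage/portage-utils) prints, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the GLSA): flag installed packages still below
# the fixed version 60.6.1 listed under "Affected packages".
FIXED="60.6.1"
AFFECTED="mail-client/thunderbird mail-client/thunderbird-bin www-client/firefox www-client/firefox-bin"

# ver_lt A B: succeed if dotted-numeric version A is lower than B.
# Assumption: plain numeric components only (no _beta/_p suffixes),
# which holds for the versions named in this advisory.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$1" ]
}

# check_atoms: read "category/package-version[-rN]" lines on stdin and
# print "VULNERABLE <atom>" or "OK <atom>" for each affected package.
# Packages not named in the advisory are skipped.
check_atoms() {
    while IFS= read -r atom; do
        base=$(printf '%s\n' "$atom" | sed 's/-r[0-9][0-9]*$//')  # drop -rN
        ver=${base##*-}          # text after the last hyphen
        name=${base%-"$ver"}     # category/package without the version
        case " $AFFECTED " in
            *" $name "*) ;;
            *) continue ;;
        esac
        if ver_lt "$ver" "$FIXED"; then
            echo "VULNERABLE $atom"
        else
            echo "OK $atom"
        fi
    done
}

# Constructed sample input, in the form printed by `qlist -Iv`.
sample_installed() {
    cat <<'EOF'
mail-client/thunderbird-60.5.1
www-client/firefox-60.6.1
www-client/firefox-bin-60.6.0-r1
app-editors/vim-8.1.0648
EOF
}

audit_sample() { sample_installed | check_atoms; }

audit_sample   # on a real system: qlist -Iv | check_atoms
```

Gentoo's own `glsa-check` tool from app-portage/gentoolkit remains the authoritative way to test a system against published GLSAs.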

References
==========

[ 1 ] CVE-2016-5824
      https://nvd.nist.gov/vuln/detail/CVE-2016-5824
[ 2 ] CVE-2018-18335
      https://nvd.nist.gov/vuln/detail/CVE-2018-18335
[ 3 ] CVE-2018-18356
      https://nvd.nist.gov/vuln/detail/CVE-2018-18356
[ 4 ] CVE-2018-18500
      https://nvd.nist.gov/vuln/detail/CVE-2018-18500
[ 5 ] CVE-2018-18501
      https://nvd.nist.gov/vuln/detail/CVE-2018-18501
[ 6 ] CVE-2018-18505
      https://nvd.nist.gov/vuln/detail/CVE-2018-18505
[ 7 ] CVE-2018-18506
      https://nvd.nist.gov/vuln/detail/CVE-2018-18506
[ 8 ] CVE-2018-18509
      https://nvd.nist.gov/vuln/detail/CVE-2018-18509
[ 9 ] CVE-2018-18512
      https://nvd.nist.gov/vuln/detail/CVE-2018-18512
[ 10 ] CVE-2018-18513
       https://nvd.nist.gov/vuln/detail/CVE-2018-18513
[ 11 ] CVE-2019-5785
       https://nvd.nist.gov/vuln/detail/CVE-2019-5785
[ 12 ] CVE-2019-9788
       https://nvd.nist.gov/vuln/detail/CVE-2019-9788
[ 13 ] CVE-2019-9790
       https://nvd.nist.gov/vuln/detail/CVE-2019-9790
[ 14 ] CVE-2019-9791
       https://nvd.nist.gov/vuln/detail/CVE-2019-9791
[ 15 ] CVE-2019-9792
       https://nvd.nist.gov/vuln/detail/CVE-2019-9792
[ 16 ] CVE-2019-9793
       https://nvd.nist.gov/vuln/detail/CVE-2019-9793
[ 17 ] CVE-2019-9795
       https://nvd.nist.gov/vuln/detail/CVE-2019-9795
[ 18 ] CVE-2019-9796
       https://nvd.nist.gov/vuln/detail/CVE-2019-9796
[ 19 ] CVE-2019-9810
       https://nvd.nist.gov/vuln/detail/CVE-2019-9810
[ 20 ] CVE-2019-9813
       https://nvd.nist.gov/vuln/detail/CVE-2019-9813

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201904-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
