Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201705-06 ] Mozilla Firefox: Multiple vulnerabilities
Date: Tue, 09 May 2017 19:42:06
Message-Id: df6d5880-8407-7b31-a60d-80fc56514a2a@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201705-06
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Mozilla Firefox: Multiple vulnerabilities
9 Date: May 09, 2017
10 Bugs: #611976
11 ID: 201705-06
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Mozilla Firefox, the worst
19 of which may allow execution of arbitrary code.
20
21 Background
22 ==========
23
24 Mozilla Firefox is a popular open-source web browser from the Mozilla
25 Project.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 www-client/firefox < 45.8.0 >= 45.8.0
34 2 www-client/firefox-bin < 45.8.0 >= 45.8.0
35 -------------------------------------------------------------------
36 2 affected packages
37
38 Description
39 ===========
40
41 Multiple vulnerabilities have been discovered in Mozilla Firefox.
42 Please review the CVE identifiers referenced below for details.
43
44 Impact
45 ======
46
47 A remote attacker could possibly execute arbitrary code with the
48 privileges of the process, cause a Denial of Service condition, bypass
49 access restriction, access otherwise protected information, or spoof
50 content via multiple vectors.
51
52 Workaround
53 ==========
54
55 There is no known workaround at this time.
56
57 Resolution
58 ==========
59
60 All Mozilla Firefox users should upgrade to the latest version:
61
62 # emerge --sync
63 # emerge --ask --oneshot --verbose ">=www-client/firefox-45.8.0"
64
65 All Mozilla Firefox binary users should upgrade to the latest version:
66
67 # emerge --sync
68 # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-45.8.0"
69
70 References
71 ==========
72
73 [ 1 ] CVE-2017-5398
74 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5398
75 [ 2 ] CVE-2017-5400
76 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5400
77 [ 3 ] CVE-2017-5401
78 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5401
79 [ 4 ] CVE-2017-5402
80 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5402
81 [ 5 ] CVE-2017-5404
82 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5404
83 [ 6 ] CVE-2017-5405
84 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5405
85 [ 7 ] CVE-2017-5407
86 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5407
87 [ 8 ] CVE-2017-5408
88 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5408
89 [ 9 ] CVE-2017-5410
90 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5410
91
92 Availability
93 ============
94
95 This GLSA and any updates to it are available for viewing at
96 the Gentoo Security Website:
97
98 https://security.gentoo.org/glsa/201705-06
99
100 Concerns?
101 =========
102
103 Security is a primary focus of Gentoo Linux and ensuring the
104 confidentiality and security of our users' machines is of utmost
105 importance to us. Any security concerns should be addressed to
106 security@g.o or alternatively, you may file a bug at
107 https://bugs.gentoo.org.
108
109 License
110 =======
111
112 Copyright 2017 Gentoo Foundation, Inc; referenced text
113 belongs to its owner(s).
114
115 The contents of this document are licensed under the
116 Creative Commons - Attribution / Share Alike license.
117
118 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature