Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Yury German <blueknight@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201512-10 ] Mozilla Products: Multiple vulnerabilities
Date: Wed, 30 Dec 2015 15:35:12
Message-Id: 5683F8F7.4060703@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201512-10
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Mozilla Products: Multiple vulnerabilities
9 Date: December 30, 2015
10 Bugs: #545232, #554036, #556942, #564818, #568376
11 ID: 201512-10
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Mozilla Firefox and
19 Thunderbird, the worst of which may allow user-assisted execution of
20 arbitrary code.
21
22 Background
23 ==========
24
25 Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
26 an open-source email client, both from the Mozilla Project.
27
28 Affected packages
29 =================
30
31 -------------------------------------------------------------------
32 Package / Vulnerable / Unaffected
33 -------------------------------------------------------------------
34 1 www-client/firefox < 38.5.0 >= 38.5.0
35 2 www-client/firefox-bin < 38.5.0 >= 38.5.0
36 3 mail-client/thunderbird < 38.5.0 >= 38.5.0
37 4 mail-client/thunderbird-bin
38 < 38.5.0 >= 38.5.0
39 -------------------------------------------------------------------
40 4 affected packages
41
42 Description
43 ===========
44
45 Multiple vulnerabilities have been discovered in Mozilla Firefox and
46 Mozilla Thunderbird. Please review the CVE identifiers referenced below
47 for details.
48
49 Impact
50 ======
51
52 A remote attacker could entice a user to view a specially crafted web
53 page or email, possibly resulting in execution of arbitrary code or a
54 Denial of Service condition.
55
56 Workaround
57 ==========
58
59 There is no known workaround at this time.
60
61 Resolution
62 ==========
63
64 All Firefox users should upgrade to the latest version:
65
66 # emerge --sync
67 # emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0"
68
69 All Firefox-bin users should upgrade to the latest version:
70
71 # emerge --sync
72 # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0"
73
74 All Thunderbird users should upgrade to the latest version:
75
76 # emerge --sync
77 # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0"
78
79 All Thunderbird-bin users should upgrade to the latest version:
80
81 # emerge --sync
82 # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.5.0"
83
84 References
85 ==========
86
87 [ 1 ] CVE-2015-0798
88 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0798
89 [ 2 ] CVE-2015-0799
90 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0799
91 [ 3 ] CVE-2015-0801
92 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0801
93 [ 4 ] CVE-2015-0802
94 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0802
95 [ 5 ] CVE-2015-0803
96 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0803
97 [ 6 ] CVE-2015-0804
98 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0804
99 [ 7 ] CVE-2015-0805
100 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0805
101 [ 8 ] CVE-2015-0806
102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0806
103 [ 9 ] CVE-2015-0807
104 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0807
105 [ 10 ] CVE-2015-0808
106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0808
107 [ 11 ] CVE-2015-0810
108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0810
109 [ 12 ] CVE-2015-0811
110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0811
111 [ 13 ] CVE-2015-0812
112 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0812
113 [ 14 ] CVE-2015-0813
114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0813
115 [ 15 ] CVE-2015-0814
116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0814
117 [ 16 ] CVE-2015-0815
118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0815
119 [ 17 ] CVE-2015-0816
120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0816
121 [ 18 ] CVE-2015-2706
122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2706
123 [ 19 ] CVE-2015-2721
124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721
125 [ 20 ] CVE-2015-2722
126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2722
127 [ 21 ] CVE-2015-2724
128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2724
129 [ 22 ] CVE-2015-2725
130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2725
131 [ 23 ] CVE-2015-2726
132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2726
133 [ 24 ] CVE-2015-2727
134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2727
135 [ 25 ] CVE-2015-2728
136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2728
137 [ 26 ] CVE-2015-2729
138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2729
139 [ 27 ] CVE-2015-2730
140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2730
141 [ 28 ] CVE-2015-2731
142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2731
143 [ 29 ] CVE-2015-2733
144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2733
145 [ 30 ] CVE-2015-2734
146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2734
147 [ 31 ] CVE-2015-2735
148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2735
149 [ 32 ] CVE-2015-2736
150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2736
151 [ 33 ] CVE-2015-2737
152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2737
153 [ 34 ] CVE-2015-2738
154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2738
155 [ 35 ] CVE-2015-2739
156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2739
157 [ 36 ] CVE-2015-2740
158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2740
159 [ 37 ] CVE-2015-2741
160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2741
161 [ 38 ] CVE-2015-2742
162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2742
163 [ 39 ] CVE-2015-2743
164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2743
165 [ 40 ] CVE-2015-2808
166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2808
167 [ 41 ] CVE-2015-4000
168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000
169 [ 42 ] CVE-2015-4495
170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4495
171 [ 43 ] CVE-2015-4513
172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4513
173 [ 44 ] CVE-2015-4514
174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4514
175 [ 45 ] CVE-2015-4515
176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4515
177 [ 46 ] CVE-2015-4518
178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4518
179 [ 47 ] CVE-2015-7181
180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181
181 [ 48 ] CVE-2015-7182
182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182
183 [ 49 ] CVE-2015-7183
184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183
185 [ 50 ] CVE-2015-7187
186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7187
187 [ 51 ] CVE-2015-7188
188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7188
189 [ 52 ] CVE-2015-7189
190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7189
191 [ 53 ] CVE-2015-7191
192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7191
193 [ 54 ] CVE-2015-7192
194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7192
195 [ 55 ] CVE-2015-7193
196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7193
197 [ 56 ] CVE-2015-7194
198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7194
199 [ 57 ] CVE-2015-7195
200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7195
201 [ 58 ] CVE-2015-7196
202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7196
203 [ 59 ] CVE-2015-7197
204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7197
205 [ 60 ] CVE-2015-7198
206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7198
207 [ 61 ] CVE-2015-7199
208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7199
209 [ 62 ] CVE-2015-7200
210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7200
211 [ 63 ] CVE-2015-7201
212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7201
213 [ 64 ] CVE-2015-7202
214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7202
215 [ 65 ] CVE-2015-7203
216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7203
217 [ 66 ] CVE-2015-7204
218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7204
219 [ 67 ] CVE-2015-7205
220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7205
221 [ 68 ] CVE-2015-7207
222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7207
223 [ 69 ] CVE-2015-7208
224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7208
225 [ 70 ] CVE-2015-7210
226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7210
227 [ 71 ] CVE-2015-7211
228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7211
229 [ 72 ] CVE-2015-7212
230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7212
231 [ 73 ] CVE-2015-7213
232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7213
233 [ 74 ] CVE-2015-7214
234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7214
235 [ 75 ] CVE-2015-7215
236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7215
237 [ 76 ] CVE-2015-7216
238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7216
239 [ 77 ] CVE-2015-7217
240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7217
241 [ 78 ] CVE-2015-7218
242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7218
243 [ 79 ] CVE-2015-7219
244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7219
245 [ 80 ] CVE-2015-7220
246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7220
247 [ 81 ] CVE-2015-7221
248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7221
249 [ 82 ] CVE-2015-7222
250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7222
251 [ 83 ] CVE-2015-7223
252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7223
253
254 Availability
255 ============
256
257 This GLSA and any updates to it are available for viewing at
258 the Gentoo Security Website:
259
260 https://security.gentoo.org/glsa/201512-10
261
262 Concerns?
263 =========
264
265 Security is a primary focus of Gentoo Linux and ensuring the
266 confidentiality and security of our users' machines is of utmost
267 importance to us. Any security concerns should be addressed to
268 security@g.o or alternatively, you may file a bug at
269 https://bugs.gentoo.org.
270
271 License
272 =======
273
274 Copyright 2015 Gentoo Foundation, Inc; referenced text
275 belongs to its owner(s).
276
277 The contents of this document are licensed under the
278 Creative Commons - Attribution / Share Alike license.
279
280 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups