Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202008-16 ] Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
Date: Thu, 27 Aug 2020 00:56:44
Message-Id: E60954E9-1979-4732-AE3A-255AE0FA3E3D@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202008-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Mozilla Firefox, Mozilla Thunderbird: Multiple
           vulnerabilities
     Date: August 27, 2020
     Bugs: #739006, #739164
       ID: 202008-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla
Thunderbird, the worst of which could result in the arbitrary execution
of code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                       /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox               < 68.12.0             >= 68.12.0
  2  www-client/firefox-bin           < 68.12.0             >= 68.12.0
  3  mail-client/thunderbird          < 68.12.0             >= 68.12.0
  4  mail-client/thunderbird-bin      < 68.12.0             >= 68.12.0
    -------------------------------------------------------------------
     4 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox and
Mozilla Thunderbird. Please review the CVE identifiers referenced below
for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-68.12.0"

All Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.12.0"

All Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-68.12.0"

All Thunderbird binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-68.12.0"

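The following is an added example, not part of the Gentoo advisory: a small check that applies the thresholds from the Affected packages table to a list of installed atoms, so you can see which of the four packages still need the upgrade above. It assumes input in the `category/package-version` form printed by `qlist -Iv` (app-portage/portage-utils); the sample atoms are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the GLSA): flag installed atoms in the vulnerable range.
# Input: one category/package-version atom per line, the shape `qlist -Iv` prints.

FIXED="68.12.0"   # first unaffected version, from the Affected packages table
AFFECTED="www-client/firefox www-client/firefox-bin
mail-client/thunderbird mail-client/thunderbird-bin"

# Constructed sample input; not output from a real system.
SAMPLE_ATOMS='www-client/firefox-68.11.0
www-client/firefox-bin-68.12.0
mail-client/thunderbird-68.9.0-r1
mail-client/thunderbird-bin-78.2.0
app-editors/vim-8.2.0814'

# version_lt A B: true when A sorts strictly before B.
# Assumption: sort -V (GNU coreutils) is close enough to Portage ordering for
# plain x.y.z versions; it correctly puts 68.9.0 before 68.12.0.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_check_atoms: read atoms on stdin, print one line per vulnerable package.
glsa_check_atoms() {
    while IFS= read -r atom; do
        for pkg in $AFFECTED; do
            case "$atom" in
                "$pkg"-[0-9]*)   # digit after the dash keeps firefox from matching firefox-bin
                    ver=${atom#"$pkg"-}
                    ver=${ver%-r[0-9]*}   # drop a Gentoo revision suffix such as -r1
                    if version_lt "$ver" "$FIXED"; then
                        printf 'VULNERABLE %s (needs >=%s-%s)\n' "$atom" "$pkg" "$FIXED"
                    fi
                    ;;
            esac
        done
    done
}

# On a Gentoo host: qlist -Iv | glsa_check_atoms
printf '%s\n' "$SAMPLE_ATOMS" | glsa_check_atoms
```
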
References
==========

[ 1 ] CVE-2020-15664
      https://nvd.nist.gov/vuln/detail/CVE-2020-15664
[ 2 ] CVE-2020-15669
      https://nvd.nist.gov/vuln/detail/CVE-2020-15669
[ 3 ] Upstream advisory (MFSA-2020-37)
      https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/
[ 4 ] Upstream advisory (MFSA-2020-38)
      https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202008-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature