Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201908-12 ] Mozilla Firefox: Multiple vulnerabilities
Date: Thu, 15 Aug 2019 16:25:57
Message-Id: 20190815155302.GG861995@bubba.lan
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201908-12
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Mozilla Firefox: Multiple vulnerabilities
9 Date: August 15, 2019
10 Bugs: #688332, #690626
11 ID: 201908-12
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Mozilla Firefox, the worst
19 of which could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 Mozilla Firefox is a popular open-source web browser from the Mozilla
25 Project.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 www-client/firefox < 60.8.0 >= 60.8.0
34 2 www-client/firefox-bin < 60.8.0 >= 60.8.0
35 -------------------------------------------------------------------
36 2 affected packages
37
38 Description
39 ===========
40
41 Multiple vulnerabilities have been discovered in Mozilla Firefox.
42 Please review the CVE identifiers referenced below for details.
43
44 Impact
45 ======
46
47 A remote attacker could entice a user to view a specially crafted web
48 page, possibly resulting in the execution of arbitrary code with the
49 privileges of the process or a Denial of Service condition.
50
51 Workaround
52 ==========
53
54 There is no known workaround at this time.
55
56 Resolution
57 ==========
58
59 All Mozilla Firefox users should upgrade to the latest version:
60
61 # emerge --sync
62 # emerge --ask --oneshot --verbose ">=www-client/firefox-60.8.0"
63
64 All Mozilla Firefox binary users should upgrade to the latest version:
65
66 # emerge --sync
67 # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.8.0"
68
69 References
70 ==========
71
72 [ 1 ] CVE-2019-11707
73 https://nvd.nist.gov/vuln/detail/CVE-2019-11707
74 [ 2 ] CVE-2019-11708
75 https://nvd.nist.gov/vuln/detail/CVE-2019-11708
76 [ 3 ] CVE-2019-11709
77 https://nvd.nist.gov/vuln/detail/CVE-2019-11709
78 [ 4 ] CVE-2019-11710
79 https://nvd.nist.gov/vuln/detail/CVE-2019-11710
80 [ 5 ] CVE-2019-11711
81 https://nvd.nist.gov/vuln/detail/CVE-2019-11711
82 [ 6 ] CVE-2019-11712
83 https://nvd.nist.gov/vuln/detail/CVE-2019-11712
84 [ 7 ] CVE-2019-11713
85 https://nvd.nist.gov/vuln/detail/CVE-2019-11713
86 [ 8 ] CVE-2019-11714
87 https://nvd.nist.gov/vuln/detail/CVE-2019-11714
88 [ 9 ] CVE-2019-11715
89 https://nvd.nist.gov/vuln/detail/CVE-2019-11715
90 [ 10 ] CVE-2019-11716
91 https://nvd.nist.gov/vuln/detail/CVE-2019-11716
92 [ 11 ] CVE-2019-11717
93 https://nvd.nist.gov/vuln/detail/CVE-2019-11717
94 [ 12 ] CVE-2019-11718
95 https://nvd.nist.gov/vuln/detail/CVE-2019-11718
96 [ 13 ] CVE-2019-11719
97 https://nvd.nist.gov/vuln/detail/CVE-2019-11719
98 [ 14 ] CVE-2019-11720
99 https://nvd.nist.gov/vuln/detail/CVE-2019-11720
100 [ 15 ] CVE-2019-11721
101 https://nvd.nist.gov/vuln/detail/CVE-2019-11721
102 [ 16 ] CVE-2019-11723
103 https://nvd.nist.gov/vuln/detail/CVE-2019-11723
104 [ 17 ] CVE-2019-11724
105 https://nvd.nist.gov/vuln/detail/CVE-2019-11724
106 [ 18 ] CVE-2019-11725
107 https://nvd.nist.gov/vuln/detail/CVE-2019-11725
108 [ 19 ] CVE-2019-11727
109 https://nvd.nist.gov/vuln/detail/CVE-2019-11727
110 [ 20 ] CVE-2019-11728
111 https://nvd.nist.gov/vuln/detail/CVE-2019-11728
112 [ 21 ] CVE-2019-11729
113 https://nvd.nist.gov/vuln/detail/CVE-2019-11729
114 [ 22 ] CVE-2019-11730
115 https://nvd.nist.gov/vuln/detail/CVE-2019-11730
116 [ 23 ] CVE-2019-9811
117 https://nvd.nist.gov/vuln/detail/CVE-2019-9811
118 [ 24 ] MFSA2019-18
119 https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/
120 [ 25 ] MFSA2019-19
121 https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
122 [ 26 ] MFSA2019-21
123 https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
124 [ 27 ] MFSA2019-22
125 https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/
126
127 Availability
128 ============
129
130 This GLSA and any updates to it are available for viewing at
131 the Gentoo Security Website:
132
133 https://security.gentoo.org/glsa/201908-12
134
135 Concerns?
136 =========
137
138 Security is a primary focus of Gentoo Linux and ensuring the
139 confidentiality and security of our users' machines is of utmost
140 importance to us. Any security concerns should be addressed to
141 security@g.o or alternatively, you may file a bug at
142 https://bugs.gentoo.org.
143
144 License
145 =======
146
147 Copyright 2019 Gentoo Foundation, Inc; referenced text
148 belongs to its owner(s).
149
150 The contents of this document are licensed under the
151 Creative Commons - Attribution / Share Alike license.
152
153 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups