Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202104-10 ] Mozilla Firefox: Multiple vulnerabilities
Date: Sat, 01 May 2021 00:16:05
Message-Id: 386cac91-5f3c-b017-6bff-11035b6fd654@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202104-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Mozilla Firefox: Multiple vulnerabilities
     Date: April 30, 2021
     Bugs: #772305, #778269, #784572
       ID: 202104-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst
of which could result in the arbitrary execution of code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox           < 88.0             >= 78.10.0:0/esr78
                                                                >= 88.0
  2  www-client/firefox-bin       < 88.0             >= 78.10.0:0/esr78
                                                                >= 88.0
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox.
Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-78.10.0"

All Mozilla Firefox ESR binary users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-78.10.0"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-88.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-88.0"

References
==========

[  1 ] CVE-2021-23961
       https://nvd.nist.gov/vuln/detail/CVE-2021-23961
[  2 ] CVE-2021-23968
       https://nvd.nist.gov/vuln/detail/CVE-2021-23968
[  3 ] CVE-2021-23969
       https://nvd.nist.gov/vuln/detail/CVE-2021-23969
[  4 ] CVE-2021-23970
       https://nvd.nist.gov/vuln/detail/CVE-2021-23970
[  5 ] CVE-2021-23971
       https://nvd.nist.gov/vuln/detail/CVE-2021-23971
[  6 ] CVE-2021-23972
       https://nvd.nist.gov/vuln/detail/CVE-2021-23972
[  7 ] CVE-2021-23973
       https://nvd.nist.gov/vuln/detail/CVE-2021-23973
[  8 ] CVE-2021-23974
       https://nvd.nist.gov/vuln/detail/CVE-2021-23974
[  9 ] CVE-2021-23975
       https://nvd.nist.gov/vuln/detail/CVE-2021-23975
[ 10 ] CVE-2021-23976
       https://nvd.nist.gov/vuln/detail/CVE-2021-23976
[ 11 ] CVE-2021-23977
       https://nvd.nist.gov/vuln/detail/CVE-2021-23977
[ 12 ] CVE-2021-23978
       https://nvd.nist.gov/vuln/detail/CVE-2021-23978
[ 13 ] CVE-2021-23981
       https://nvd.nist.gov/vuln/detail/CVE-2021-23981
[ 14 ] CVE-2021-23982
       https://nvd.nist.gov/vuln/detail/CVE-2021-23982
[ 15 ] CVE-2021-23983
       https://nvd.nist.gov/vuln/detail/CVE-2021-23983
[ 16 ] CVE-2021-23984
       https://nvd.nist.gov/vuln/detail/CVE-2021-23984
[ 17 ] CVE-2021-23985
       https://nvd.nist.gov/vuln/detail/CVE-2021-23985
[ 18 ] CVE-2021-23986
       https://nvd.nist.gov/vuln/detail/CVE-2021-23986
[ 19 ] CVE-2021-23987
       https://nvd.nist.gov/vuln/detail/CVE-2021-23987
[ 20 ] CVE-2021-23988
       https://nvd.nist.gov/vuln/detail/CVE-2021-23988
[ 21 ] CVE-2021-23994
       https://nvd.nist.gov/vuln/detail/CVE-2021-23994
[ 22 ] CVE-2021-23995
       https://nvd.nist.gov/vuln/detail/CVE-2021-23995
[ 23 ] CVE-2021-23998
       https://nvd.nist.gov/vuln/detail/CVE-2021-23998
[ 24 ] CVE-2021-23999
       https://nvd.nist.gov/vuln/detail/CVE-2021-23999
[ 25 ] CVE-2021-24002
       https://nvd.nist.gov/vuln/detail/CVE-2021-24002
[ 26 ] CVE-2021-29945
       https://nvd.nist.gov/vuln/detail/CVE-2021-29945
[ 27 ] CVE-2021-29946
       https://nvd.nist.gov/vuln/detail/CVE-2021-29946
[ 28 ] MFSA-2021-08
       https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/
[ 29 ] MFSA-2021-11
       https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/
[ 30 ] MFSA-2021-15
       https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202104-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
OpenPGP_signature.asc application/pgp-signature
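
Added example (not part of the advisory and not Gentoo's own tooling): a POSIX shell check that applies the "Affected packages" table of GLSA 202104-10 to a given www-client/firefox or www-client/firefox-bin version and slot. The function names are hypothetical, the sample inputs are constructed, and it assumes plain dotted numeric versions with an optional -rN revision.

```shell
#!/bin/sh
# Added example: evaluates the GLSA 202104-10 "Affected packages" table.
# Function names are hypothetical; not part of Portage or gentoolkit.

# version_ge A B: succeed if dotted numeric version A >= B.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Consume the leading component of each version string.
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}      # missing components count as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# glsa_202104_10_status VERSION SLOT: print "unaffected" or "vulnerable".
glsa_202104_10_status() {
    ver=${1%%-r*}                 # drop an ebuild revision such as -r1
    slot=$2
    # Unaffected: >= 88.0 in any slot.
    if version_ge "$ver" 88.0; then
        echo unaffected; return 0
    fi
    # Unaffected: >= 78.10.0, but only in the ESR slot 0/esr78.
    if [ "$slot" = "0/esr78" ] && version_ge "$ver" 78.10.0; then
        echo unaffected; return 0
    fi
    # Everything else is < 88.0 and therefore vulnerable.
    echo vulnerable
}

# Constructed sample inputs (version, slot), not taken from a real system.
if [ "${1:-}" = "--demo" ]; then
    for pair in "87.0 0/87" "78.9.0 0/esr78" "78.10.0 0/esr78" "88.0-r1 0/88"; do
        set -- $pair
        printf '%s (slot %s): %s\n' "$1" "$2" "$(glsa_202104_10_status "$1" "$2")"
    done
fi
```

The slot test matters: a 78.x build counts as unaffected only when it is at least 78.10.0 and installed in slot 0/esr78; any other version below 88.0 is vulnerable.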