Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201802-03 ] Mozilla Firefox: Multiple vulnerabilities
Date: Tue, 20 Feb 2018 00:57:56
Message-Id: 8e12c01d-7818-68c0-72fa-1ad4a59161ac@gentoo.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201802-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Mozilla Firefox: Multiple vulnerabilities
     Date: February 20, 2018
     Bugs: #616030, #621722, #632400, #639854, #645510, #648198
       ID: 201802-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst
of which may allow execution of arbitrary code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /     Vulnerable     /        Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox             < 52.6.0                 >= 52.6.0
  2  www-client/firefox-bin         < 52.6.0                 >= 52.6.0
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox.
Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web
page, possibly resulting in the execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to perform Man-in-the-Middle
attacks, obtain sensitive information, spoof the address bar, conduct
clickjacking attacks, bypass security restrictions and protection
mechanisms, or have other unspecified impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-52.6.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-52.6.0"

References
==========

[ 1 ] CVE-2016-10195
      https://nvd.nist.gov/vuln/detail/CVE-2016-10195
[ 2 ] CVE-2016-10196
      https://nvd.nist.gov/vuln/detail/CVE-2016-10196
[ 3 ] CVE-2016-10197
      https://nvd.nist.gov/vuln/detail/CVE-2016-10197
[ 4 ] CVE-2016-6354
      https://nvd.nist.gov/vuln/detail/CVE-2016-6354
[ 5 ] CVE-2017-5429
      https://nvd.nist.gov/vuln/detail/CVE-2017-5429
[ 6 ] CVE-2017-5432
      https://nvd.nist.gov/vuln/detail/CVE-2017-5432
[ 7 ] CVE-2017-5433
      https://nvd.nist.gov/vuln/detail/CVE-2017-5433
[ 8 ] CVE-2017-5434
      https://nvd.nist.gov/vuln/detail/CVE-2017-5434
[ 9 ] CVE-2017-5435
      https://nvd.nist.gov/vuln/detail/CVE-2017-5435
[ 10 ] CVE-2017-5436
      https://nvd.nist.gov/vuln/detail/CVE-2017-5436
[ 11 ] CVE-2017-5437
      https://nvd.nist.gov/vuln/detail/CVE-2017-5437
[ 12 ] CVE-2017-5438
      https://nvd.nist.gov/vuln/detail/CVE-2017-5438
[ 13 ] CVE-2017-5439
      https://nvd.nist.gov/vuln/detail/CVE-2017-5439
[ 14 ] CVE-2017-5440
      https://nvd.nist.gov/vuln/detail/CVE-2017-5440
[ 15 ] CVE-2017-5441
      https://nvd.nist.gov/vuln/detail/CVE-2017-5441
[ 16 ] CVE-2017-5442
      https://nvd.nist.gov/vuln/detail/CVE-2017-5442
[ 17 ] CVE-2017-5443
      https://nvd.nist.gov/vuln/detail/CVE-2017-5443
[ 18 ] CVE-2017-5444
      https://nvd.nist.gov/vuln/detail/CVE-2017-5444
[ 19 ] CVE-2017-5445
      https://nvd.nist.gov/vuln/detail/CVE-2017-5445
[ 20 ] CVE-2017-5446
      https://nvd.nist.gov/vuln/detail/CVE-2017-5446
[ 21 ] CVE-2017-5447
      https://nvd.nist.gov/vuln/detail/CVE-2017-5447
[ 22 ] CVE-2017-5448
      https://nvd.nist.gov/vuln/detail/CVE-2017-5448
[ 23 ] CVE-2017-5459
      https://nvd.nist.gov/vuln/detail/CVE-2017-5459
[ 24 ] CVE-2017-5460
      https://nvd.nist.gov/vuln/detail/CVE-2017-5460
[ 25 ] CVE-2017-5461
      https://nvd.nist.gov/vuln/detail/CVE-2017-5461
[ 26 ] CVE-2017-5462
      https://nvd.nist.gov/vuln/detail/CVE-2017-5462
[ 27 ] CVE-2017-5464
      https://nvd.nist.gov/vuln/detail/CVE-2017-5464
[ 28 ] CVE-2017-5465
      https://nvd.nist.gov/vuln/detail/CVE-2017-5465
[ 29 ] CVE-2017-5469
      https://nvd.nist.gov/vuln/detail/CVE-2017-5469
[ 30 ] CVE-2017-5470
      https://nvd.nist.gov/vuln/detail/CVE-2017-5470
[ 31 ] CVE-2017-5472
      https://nvd.nist.gov/vuln/detail/CVE-2017-5472
[ 32 ] CVE-2017-7749
      https://nvd.nist.gov/vuln/detail/CVE-2017-7749
[ 33 ] CVE-2017-7750
      https://nvd.nist.gov/vuln/detail/CVE-2017-7750
[ 34 ] CVE-2017-7751
      https://nvd.nist.gov/vuln/detail/CVE-2017-7751
[ 35 ] CVE-2017-7752
      https://nvd.nist.gov/vuln/detail/CVE-2017-7752
[ 36 ] CVE-2017-7753
      https://nvd.nist.gov/vuln/detail/CVE-2017-7753
[ 37 ] CVE-2017-7754
      https://nvd.nist.gov/vuln/detail/CVE-2017-7754
[ 38 ] CVE-2017-7756
      https://nvd.nist.gov/vuln/detail/CVE-2017-7756
[ 39 ] CVE-2017-7757
      https://nvd.nist.gov/vuln/detail/CVE-2017-7757
[ 40 ] CVE-2017-7758
      https://nvd.nist.gov/vuln/detail/CVE-2017-7758
[ 41 ] CVE-2017-7764
      https://nvd.nist.gov/vuln/detail/CVE-2017-7764
[ 42 ] CVE-2017-7771
      https://nvd.nist.gov/vuln/detail/CVE-2017-7771
[ 43 ] CVE-2017-7772
      https://nvd.nist.gov/vuln/detail/CVE-2017-7772
[ 44 ] CVE-2017-7773
      https://nvd.nist.gov/vuln/detail/CVE-2017-7773
[ 45 ] CVE-2017-7774
      https://nvd.nist.gov/vuln/detail/CVE-2017-7774
[ 46 ] CVE-2017-7775
      https://nvd.nist.gov/vuln/detail/CVE-2017-7775
[ 47 ] CVE-2017-7776
      https://nvd.nist.gov/vuln/detail/CVE-2017-7776
[ 48 ] CVE-2017-7777
      https://nvd.nist.gov/vuln/detail/CVE-2017-7777
[ 49 ] CVE-2017-7778
      https://nvd.nist.gov/vuln/detail/CVE-2017-7778
[ 50 ] CVE-2017-7779
      https://nvd.nist.gov/vuln/detail/CVE-2017-7779
[ 51 ] CVE-2017-7784
      https://nvd.nist.gov/vuln/detail/CVE-2017-7784
[ 52 ] CVE-2017-7785
      https://nvd.nist.gov/vuln/detail/CVE-2017-7785
[ 53 ] CVE-2017-7786
      https://nvd.nist.gov/vuln/detail/CVE-2017-7786
[ 54 ] CVE-2017-7787
      https://nvd.nist.gov/vuln/detail/CVE-2017-7787
[ 55 ] CVE-2017-7791
      https://nvd.nist.gov/vuln/detail/CVE-2017-7791
[ 56 ] CVE-2017-7792
      https://nvd.nist.gov/vuln/detail/CVE-2017-7792
[ 57 ] CVE-2017-7793
      https://nvd.nist.gov/vuln/detail/CVE-2017-7793
[ 58 ] CVE-2017-7798
      https://nvd.nist.gov/vuln/detail/CVE-2017-7798
[ 59 ] CVE-2017-7800
      https://nvd.nist.gov/vuln/detail/CVE-2017-7800
[ 60 ] CVE-2017-7801
      https://nvd.nist.gov/vuln/detail/CVE-2017-7801
[ 61 ] CVE-2017-7802
      https://nvd.nist.gov/vuln/detail/CVE-2017-7802
[ 62 ] CVE-2017-7803
      https://nvd.nist.gov/vuln/detail/CVE-2017-7803
[ 63 ] CVE-2017-7805
      https://nvd.nist.gov/vuln/detail/CVE-2017-7805
[ 64 ] CVE-2017-7807
      https://nvd.nist.gov/vuln/detail/CVE-2017-7807
[ 65 ] CVE-2017-7809
      https://nvd.nist.gov/vuln/detail/CVE-2017-7809
[ 66 ] CVE-2017-7810
      https://nvd.nist.gov/vuln/detail/CVE-2017-7810
[ 67 ] CVE-2017-7814
      https://nvd.nist.gov/vuln/detail/CVE-2017-7814
[ 68 ] CVE-2017-7818
      https://nvd.nist.gov/vuln/detail/CVE-2017-7818
[ 69 ] CVE-2017-7819
      https://nvd.nist.gov/vuln/detail/CVE-2017-7819
[ 70 ] CVE-2017-7823
      https://nvd.nist.gov/vuln/detail/CVE-2017-7823
[ 71 ] CVE-2017-7824
      https://nvd.nist.gov/vuln/detail/CVE-2017-7824
[ 72 ] CVE-2017-7843
      https://nvd.nist.gov/vuln/detail/CVE-2017-7843
[ 73 ] CVE-2017-7844
      https://nvd.nist.gov/vuln/detail/CVE-2017-7844
[ 74 ] CVE-2018-5089
      https://nvd.nist.gov/vuln/detail/CVE-2018-5089
[ 75 ] CVE-2018-5091
      https://nvd.nist.gov/vuln/detail/CVE-2018-5091
[ 76 ] CVE-2018-5095
      https://nvd.nist.gov/vuln/detail/CVE-2018-5095
[ 77 ] CVE-2018-5096
      https://nvd.nist.gov/vuln/detail/CVE-2018-5096
[ 78 ] CVE-2018-5097
      https://nvd.nist.gov/vuln/detail/CVE-2018-5097
[ 79 ] CVE-2018-5098
      https://nvd.nist.gov/vuln/detail/CVE-2018-5098
[ 80 ] CVE-2018-5099
      https://nvd.nist.gov/vuln/detail/CVE-2018-5099
[ 81 ] CVE-2018-5102
      https://nvd.nist.gov/vuln/detail/CVE-2018-5102
[ 82 ] CVE-2018-5103
      https://nvd.nist.gov/vuln/detail/CVE-2018-5103
[ 83 ] CVE-2018-5104
      https://nvd.nist.gov/vuln/detail/CVE-2018-5104
[ 84 ] CVE-2018-5117
      https://nvd.nist.gov/vuln/detail/CVE-2018-5117

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201802-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
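
Added example, not part of the Gentoo advisory: a shell check that lists installed www-client/firefox and www-client/firefox-bin versions below the 52.6.0 threshold from the "Affected packages" table. It assumes Portage's installed-package database lives at /var/db/pkg and that GNU `sort -V` ordering is close enough to Portage's version comparison for plain dotted versions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag installed Firefox packages below the GLSA 201802-03 fix.
FIXED=52.6.0   # "Unaffected" threshold from the advisory's package table

# version_lt A B: succeeds when version A sorts strictly before version B.
# Assumption: `sort -V` approximates Portage's ordering for dotted versions;
# ebuild revisions (-rN) are stripped by the caller before comparing.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_201802_03_vulnerable [PKGDB]
# Prints one "category/package-version" line for each installed package the
# advisory lists as vulnerable. PKGDB defaults to /var/db/pkg (assumed
# location of the installed-package database).
glsa_201802_03_vulnerable() {
    pkgdb=${1:-/var/db/pkg}
    for name in firefox firefox-bin; do
        # "[0-9]*" keeps firefox-bin-* out of the plain "firefox" pass.
        for dir in "$pkgdb"/www-client/"$name"-[0-9]*; do
            [ -d "$dir" ] || continue      # glob matched nothing
            pv=${dir##*/"$name"-}          # e.g. 52.5.3-r1
            ver=${pv%-r[0-9]*}             # drop the ebuild revision
            if version_lt "$ver" "$FIXED"; then
                echo "www-client/$name-$pv"
            fi
        done
    done
}
```

Run `glsa_201802_03_vulnerable` with no argument on a Gentoo host; empty output means neither package is installed below 52.6.0. Portage's own comparison is authoritative, and `glsa-check -t 201802-03` from gentoolkit tests the system against this advisory using it.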

Attachments

File name MIME type
signature.asc application/pgp-signature