Gentoo Archives: gentoo-announce

From: Chris Reffett <creffett@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201309-23 ] Mozilla Products: Multiple vulnerabilities
Date: Fri, 27 Sep 2013 20:41:56
Message-Id: 5245ED32.8070703@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Mozilla Products: Multiple vulnerabilities
Date: September 27, 2013
Bugs: #450940, #458390, #460818, #464226, #469868, #474758,
      #479968, #485258
ID: 201309-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.

Background
==========

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'.

Affected packages
=================

-------------------------------------------------------------------
   Package                      /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
1  mail-client/thunderbird         < 17.0.9       >= 17.0.9
2  www-client/firefox              < 17.0.9       >= 17.0.9
3  www-client/seamonkey            < 2.21         >= 2.21
4  mail-client/thunderbird-bin     < 17.0.9       >= 17.0.9
5  www-client/firefox-bin          < 17.0.9       >= 17.0.9
6  www-client/seamonkey-bin        < 2.21         >= 2.21
-------------------------------------------------------------------
6 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox,
Thunderbird, and SeaMonkey. Please review the CVE identifiers
referenced below for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Further, a remote attacker could conduct
XSS attacks, spoof URLs, bypass address space layout randomization,
conduct clickjacking attacks, obtain potentially sensitive information,
bypass access restrictions, modify the local filesystem, or conduct
other unspecified attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9"

All users of the Mozilla Firefox binary package should upgrade to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9"

All users of the Mozilla Thunderbird binary package should upgrade to
the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-17.0.9"

All SeaMonkey users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21"

All users of the Mozilla SeaMonkey binary package should upgrade to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21"

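Added example (not part of the original advisory or of Gentoo's tooling): a shell check that applies the thresholds from the Affected packages table to a list of installed atoms and reports which ones still need the upgrade. It assumes input in category/name-version form, one atom per line (the format `qlist -Iv` from portage-utils prints), and uses GNU `sort -V` as an approximation of Portage version ordering; the function names and the sample atoms are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag installed atoms below the fixed versions in GLSA 201309-23.
# Thresholds are the "Unaffected" column of the advisory's table.
GLSA_FIXED='mail-client/thunderbird 17.0.9
www-client/firefox 17.0.9
www-client/seamonkey 2.21
mail-client/thunderbird-bin 17.0.9
www-client/firefox-bin 17.0.9
www-client/seamonkey-bin 2.21'

# ver_lt A B: true when A sorts strictly before B.
# Assumption: plain dotted numeric versions; GNU `sort -V` does not implement
# full Portage ordering (suffixes such as _rc or _p are not handled).
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_vulnerable: read "category/name-version[-rN]" atoms on stdin and print
# the ones the advisory lists as vulnerable, with the atom to upgrade to.
glsa_vulnerable() {
    while IFS= read -r atom; do
        [ -n "$atom" ] || continue
        base=$(printf '%s\n' "$atom" | sed -E 's/-r[0-9]+$//')  # drop revision
        name=${base%-*}    # everything before the last '-'
        ver=${base##*-}    # the version follows the last '-'
        fixed=$(printf '%s\n' "$GLSA_FIXED" |
                awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue     # package not covered by this GLSA
        if ver_lt "$ver" "$fixed"; then
            printf '%s needs >=%s-%s\n' "$atom" "$name" "$fixed"
        fi
    done
}

# Constructed sample of installed atoms (not taken from a real system).
SAMPLE_INSTALLED='www-client/firefox-17.0.8-r1
mail-client/thunderbird-bin-17.0.9
www-client/seamonkey-2.20
app-editors/vim-7.4.22
www-client/firefox-bin-24.0'

glsa_vulnerable_sample() { printf '%s\n' "$SAMPLE_INSTALLED" | glsa_vulnerable; }

glsa_vulnerable_sample
```

On a Gentoo host, pipe the real package list into `glsa_vulnerable` instead of the sample; each line printed names the atom to pass to the matching emerge command above.
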
References
==========

[ 1 ] CVE-2013-0744
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744
[ 2 ] CVE-2013-0745
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745
[ 3 ] CVE-2013-0746
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746
[ 4 ] CVE-2013-0747
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747
[ 5 ] CVE-2013-0748
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748
[ 6 ] CVE-2013-0749
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749
[ 7 ] CVE-2013-0750
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750
[ 8 ] CVE-2013-0751
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751
[ 9 ] CVE-2013-0752
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752
[ 10 ] CVE-2013-0753
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753
[ 11 ] CVE-2013-0754
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754
[ 12 ] CVE-2013-0755
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755
[ 13 ] CVE-2013-0756
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756
[ 14 ] CVE-2013-0757
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757
[ 15 ] CVE-2013-0758
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758
[ 16 ] CVE-2013-0759
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759
[ 17 ] CVE-2013-0760
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760
[ 18 ] CVE-2013-0761
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761
[ 19 ] CVE-2013-0762
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762
[ 20 ] CVE-2013-0763
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763
[ 21 ] CVE-2013-0764
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764
[ 22 ] CVE-2013-0765
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0765
[ 23 ] CVE-2013-0766
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766
[ 24 ] CVE-2013-0767
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767
[ 25 ] CVE-2013-0768
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768
[ 26 ] CVE-2013-0769
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769
[ 27 ] CVE-2013-0770
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770
[ 28 ] CVE-2013-0771
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771
[ 29 ] CVE-2013-0772
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0772
[ 30 ] CVE-2013-0773
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0773
[ 31 ] CVE-2013-0774
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0774
[ 32 ] CVE-2013-0775
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0775
[ 33 ] CVE-2013-0776
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0776
[ 34 ] CVE-2013-0777
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0777
[ 35 ] CVE-2013-0778
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0778
[ 36 ] CVE-2013-0779
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0779
[ 37 ] CVE-2013-0780
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0780
[ 38 ] CVE-2013-0781
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0781
[ 39 ] CVE-2013-0782
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0782
[ 40 ] CVE-2013-0783
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0783
[ 41 ] CVE-2013-0784
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0784
[ 42 ] CVE-2013-0787
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0787
[ 43 ] CVE-2013-0788
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0788
[ 44 ] CVE-2013-0789
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0789
[ 45 ] CVE-2013-0791
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0791
[ 46 ] CVE-2013-0792
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0792
[ 47 ] CVE-2013-0793
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0793
[ 48 ] CVE-2013-0794
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0794
[ 49 ] CVE-2013-0795
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0795
[ 50 ] CVE-2013-0796
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0796
[ 51 ] CVE-2013-0797
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0797
[ 52 ] CVE-2013-0799
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0799
[ 53 ] CVE-2013-0800
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0800
[ 54 ] CVE-2013-0801
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801
[ 55 ] CVE-2013-1670
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670
[ 56 ] CVE-2013-1671
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671
[ 57 ] CVE-2013-1674
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674
[ 58 ] CVE-2013-1675
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675
[ 59 ] CVE-2013-1676
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676
[ 60 ] CVE-2013-1677
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677
[ 61 ] CVE-2013-1678
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678
[ 62 ] CVE-2013-1679
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679
[ 63 ] CVE-2013-1680
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680
[ 64 ] CVE-2013-1681
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681
[ 65 ] CVE-2013-1682
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1682
[ 66 ] CVE-2013-1684
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1684
[ 67 ] CVE-2013-1687
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1687
[ 68 ] CVE-2013-1690
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1690
[ 69 ] CVE-2013-1692
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1692
[ 70 ] CVE-2013-1693
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1693
[ 71 ] CVE-2013-1694
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1694
[ 72 ] CVE-2013-1697
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1697
[ 73 ] CVE-2013-1701
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1701
[ 74 ] CVE-2013-1702
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1702
[ 75 ] CVE-2013-1704
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1704
[ 76 ] CVE-2013-1705
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1705
[ 77 ] CVE-2013-1707
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1707
[ 78 ] CVE-2013-1708
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1708
[ 79 ] CVE-2013-1709
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1709
[ 80 ] CVE-2013-1710
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1710
[ 81 ] CVE-2013-1711
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1711
[ 82 ] CVE-2013-1712
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1712
[ 83 ] CVE-2013-1713
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1713
[ 84 ] CVE-2013-1714
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1714
[ 85 ] CVE-2013-1717
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1717
[ 86 ] CVE-2013-1718
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1718
[ 87 ] CVE-2013-1719
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1719
[ 88 ] CVE-2013-1720
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1720
[ 89 ] CVE-2013-1722
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1722
[ 90 ] CVE-2013-1723
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1723
[ 91 ] CVE-2013-1724
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1724
[ 92 ] CVE-2013-1725
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1725
[ 93 ] CVE-2013-1726
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1726
[ 94 ] CVE-2013-1728
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1728
[ 95 ] CVE-2013-1730
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1730
[ 96 ] CVE-2013-1732
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1732
[ 97 ] CVE-2013-1735
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1735
[ 98 ] CVE-2013-1736
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1736
[ 99 ] CVE-2013-1737
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1737
[ 100 ] CVE-2013-1738
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1738

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
