- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201309-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Mozilla Products: Multiple vulnerabilities
     Date: September 27, 2013
     Bugs: #450940, #458390, #460818, #464226, #469868, #474758,
           #479968, #485258
       ID: 201309-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.

Background
==========

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /     Vulnerable     /    Unaffected
    -------------------------------------------------------------------
  1  mail-client/thunderbird           < 17.0.9            >= 17.0.9
  2  www-client/firefox                < 17.0.9            >= 17.0.9
  3  www-client/seamonkey              < 2.21              >= 2.21
  4  mail-client/thunderbird-bin       < 17.0.9            >= 17.0.9
  5  www-client/firefox-bin            < 17.0.9            >= 17.0.9
  6  www-client/seamonkey-bin          < 2.21              >= 2.21
    -------------------------------------------------------------------
     6 affected packages

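The version ranges in the table above, applied to a package inventory. This is an added example, not part of the Gentoo advisory; the inventory is constructed, and the comparison is a simplified stand-in for Portage's version ordering that accepts only dotted numeric versions with an optional -rN revision.

```python
import re

# Fixed versions copied from the advisory's "Affected packages" table:
# anything below the listed version is vulnerable.
FIXED_IN = {
    "mail-client/thunderbird": "17.0.9",
    "www-client/firefox": "17.0.9",
    "www-client/seamonkey": "2.21",
    "mail-client/thunderbird-bin": "17.0.9",
    "www-client/firefox-bin": "17.0.9",
    "www-client/seamonkey-bin": "2.21",
}

# Assumption: dotted numeric versions with an optional -rN revision only.
# Suffixes (_beta, _p, ...) and leading-zero components are rejected, not guessed at.
_VERSION = re.compile(r"^(\d+(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?$")


def version_key(version):
    """Turn '17.0.10' or '17.0.8-r1' into a tuple that compares numerically."""
    match = _VERSION.match(version)
    if not match:
        raise ValueError("unsupported version syntax: %r" % version)
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts, int(match.group(2) or 0)


def affected(installed):
    """Return the sorted names in `installed` that fall below the fixed version."""
    hits = []
    for package, version in installed.items():
        fixed = FIXED_IN.get(package)
        if fixed is not None and version_key(version) < version_key(fixed):
            hits.append(package)
    return sorted(hits)


# Constructed inventory for illustration, not output from a real system.
SAMPLE_INSTALLED = {
    "www-client/firefox": "17.0.10",        # newer than 17.0.9, yet sorts lower as text
    "mail-client/thunderbird": "17.0.8-r1",
    "www-client/seamonkey-bin": "2.20",
    "www-client/seamonkey": "2.21",
    "app-editors/vim": "7.4",               # not covered by this advisory
}

if __name__ == "__main__":
    for name in affected(SAMPLE_INSTALLED):
        print("vulnerable: %s-%s (fixed in %s)" % (name, SAMPLE_INSTALLED[name], FIXED_IN[name]))
```

On a Gentoo host, `glsa-check -t 201309-23` runs the authoritative test against the installed package database.
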
Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox,
Thunderbird, and SeaMonkey. Please review the CVE identifiers
referenced below for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Further, a remote attacker could conduct
XSS attacks, spoof URLs, bypass address space layout randomization,
conduct clickjacking attacks, obtain potentially sensitive information,
bypass access restrictions, modify the local filesystem, or conduct
other unspecified attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9"

All users of the Mozilla Firefox binary package should upgrade to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9"

All users of the Mozilla Thunderbird binary package should upgrade to
the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-17.0.9"

All SeaMonkey users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21"

All users of the Mozilla SeaMonkey binary package should upgrade to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21"

References
==========

[ 1 ] CVE-2013-0744
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744
[ 2 ] CVE-2013-0745
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745
[ 3 ] CVE-2013-0746
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746
[ 4 ] CVE-2013-0747
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747
[ 5 ] CVE-2013-0748
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748
[ 6 ] CVE-2013-0749
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749
[ 7 ] CVE-2013-0750
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750
[ 8 ] CVE-2013-0751
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751
[ 9 ] CVE-2013-0752
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752
[ 10 ] CVE-2013-0753
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753
[ 11 ] CVE-2013-0754
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754
[ 12 ] CVE-2013-0755
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755
[ 13 ] CVE-2013-0756
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756
[ 14 ] CVE-2013-0757
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757
[ 15 ] CVE-2013-0758
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758
[ 16 ] CVE-2013-0759
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759
[ 17 ] CVE-2013-0760
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760
[ 18 ] CVE-2013-0761
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761
[ 19 ] CVE-2013-0762
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762
[ 20 ] CVE-2013-0763
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763
[ 21 ] CVE-2013-0764
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764
[ 22 ] CVE-2013-0765
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0765
[ 23 ] CVE-2013-0766
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766
[ 24 ] CVE-2013-0767
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767
[ 25 ] CVE-2013-0768
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768
[ 26 ] CVE-2013-0769
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769
[ 27 ] CVE-2013-0770
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770
[ 28 ] CVE-2013-0771
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771
[ 29 ] CVE-2013-0772
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0772
[ 30 ] CVE-2013-0773
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0773
[ 31 ] CVE-2013-0774
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0774
[ 32 ] CVE-2013-0775
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0775
[ 33 ] CVE-2013-0776
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0776
[ 34 ] CVE-2013-0777
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0777
[ 35 ] CVE-2013-0778
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0778
[ 36 ] CVE-2013-0779
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0779
[ 37 ] CVE-2013-0780
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0780
[ 38 ] CVE-2013-0781
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0781
[ 39 ] CVE-2013-0782
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0782
[ 40 ] CVE-2013-0783
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0783
[ 41 ] CVE-2013-0784
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0784
[ 42 ] CVE-2013-0787
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0787
[ 43 ] CVE-2013-0788
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0788
[ 44 ] CVE-2013-0789
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0789
[ 45 ] CVE-2013-0791
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0791
[ 46 ] CVE-2013-0792
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0792
[ 47 ] CVE-2013-0793
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0793
[ 48 ] CVE-2013-0794
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0794
[ 49 ] CVE-2013-0795
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0795
[ 50 ] CVE-2013-0796
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0796
[ 51 ] CVE-2013-0797
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0797
[ 52 ] CVE-2013-0799
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0799
[ 53 ] CVE-2013-0800
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0800
[ 54 ] CVE-2013-0801
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801
[ 55 ] CVE-2013-1670
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670
[ 56 ] CVE-2013-1671
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671
[ 57 ] CVE-2013-1674
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674
[ 58 ] CVE-2013-1675
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675
[ 59 ] CVE-2013-1676
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676
[ 60 ] CVE-2013-1677
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677
[ 61 ] CVE-2013-1678
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678
[ 62 ] CVE-2013-1679
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679
[ 63 ] CVE-2013-1680
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680
[ 64 ] CVE-2013-1681
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681
[ 65 ] CVE-2013-1682
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1682
[ 66 ] CVE-2013-1684
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1684
[ 67 ] CVE-2013-1687
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1687
[ 68 ] CVE-2013-1690
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1690
[ 69 ] CVE-2013-1692
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1692
[ 70 ] CVE-2013-1693
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1693
[ 71 ] CVE-2013-1694
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1694
[ 72 ] CVE-2013-1697
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1697
[ 73 ] CVE-2013-1701
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1701
[ 74 ] CVE-2013-1702
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1702
[ 75 ] CVE-2013-1704
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1704
[ 76 ] CVE-2013-1705
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1705
[ 77 ] CVE-2013-1707
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1707
[ 78 ] CVE-2013-1708
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1708
[ 79 ] CVE-2013-1709
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1709
[ 80 ] CVE-2013-1710
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1710
[ 81 ] CVE-2013-1711
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1711
[ 82 ] CVE-2013-1712
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1712
[ 83 ] CVE-2013-1713
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1713
[ 84 ] CVE-2013-1714
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1714
[ 85 ] CVE-2013-1717
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1717
[ 86 ] CVE-2013-1718
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1718
[ 87 ] CVE-2013-1719
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1719
[ 88 ] CVE-2013-1720
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1720
[ 89 ] CVE-2013-1722
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1722
[ 90 ] CVE-2013-1723
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1723
[ 91 ] CVE-2013-1724
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1724
[ 92 ] CVE-2013-1725
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1725
[ 93 ] CVE-2013-1726
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1726
[ 94 ] CVE-2013-1728
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1728
[ 95 ] CVE-2013-1730
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1730
[ 96 ] CVE-2013-1732
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1732
[ 97 ] CVE-2013-1735
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1735
[ 98 ] CVE-2013-1736
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1736
[ 99 ] CVE-2013-1737
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1737
[ 100 ] CVE-2013-1738
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1738

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201309-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5