Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202010-08 ] Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
Date: Wed, 28 Oct 2020 00:37:18
Message-Id: F2584A73-77A0-4A77-A019-3A533661D3F5@gentoo.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202010-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Mozilla Firefox, Mozilla Thunderbird: Multiple
           vulnerabilities
     Date: October 28, 2020
     Bugs: #750446
       ID: 202010-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla
Thunderbird, the worst of which could result in the arbitrary execution
of code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
project.

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox               < 82.0       >= 78.4.0:0/esr78
                                                             >= 82.0
  2  www-client/firefox-bin           < 82.0       >= 78.4.0:0/esr78
                                                             >= 82.0
  3  mail-client/thunderbird          < 78.4.0             >= 78.4.0
  4  mail-client/thunderbird-bin      < 78.4.0             >= 78.4.0
    -------------------------------------------------------------------
     4 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox and
Mozilla Thunderbird. Please review the CVE identifiers referenced below
for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-82.0"

All Mozilla Firefox (bin) users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-82.0"

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/firefox-78.4.0:0/esr78"

All Mozilla Firefox ESR (bin) users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/firefox-bin-78.4.0:0/esr78"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-78.4.0"

All Mozilla Thunderbird (bin) users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-78.4.0"

References
==========

[ 1 ] CVE-2020-15683
      https://nvd.nist.gov/vuln/detail/CVE-2020-15683
[ 2 ] CVE-2020-15969
      https://nvd.nist.gov/vuln/detail/CVE-2020-15969
[ 3 ] MFSA-2020-45
      https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/
[ 4 ] MFSA-2020-46
      https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/
[ 5 ] MFSA-2020-47
      https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202010-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
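
The "Affected packages" table and the upgrade targets in the Resolution section can be turned into a small host check. The script below is an added example, not part of the GLSA or of Gentoo's tooling; the function names, the restriction to plain dotted versions with an optional -rN revision, the reliance on GNU `sort -V`, and the sample inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of GLSA 202010-08.
# Assumption: versions are plain dotted numbers with an optional -rN revision,
# and GNU `sort -V` is available for version ordering.

# ver_ge A B: succeeds when version A >= version B.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# glsa_202010_08_status CATEGORY/NAME VERSION [SLOT]
# Prints vulnerable, unaffected, or not-listed per the advisory's table.
glsa_202010_08_status() {
    pkg=$1
    ver=${2%-r[0-9]*}      # drop an ebuild revision such as -r1
    slot=${3:-}
    case $pkg in
        www-client/firefox|www-client/firefox-bin)
            if ver_ge "$ver" 82.0; then
                echo unaffected
            elif [ "$slot" = "0/esr78" ] && ver_ge "$ver" 78.4.0; then
                echo unaffected      # fixed ESR release, only in the esr78 slot
            else
                echo vulnerable
            fi ;;
        mail-client/thunderbird|mail-client/thunderbird-bin)
            if ver_ge "$ver" 78.4.0; then echo unaffected; else echo vulnerable; fi ;;
        *)
            echo not-listed ;;
    esac
}

# Constructed sample inventory: package, version, slot.
while read -r p v s; do
    printf '%-28s %-10s %-8s %s\n' "$p" "$v" "$s" "$(glsa_202010_08_status "$p" "$v" "$s")"
done <<'EOF'
www-client/firefox 81.0.2 0/81
www-client/firefox 78.3.1 0/esr78
www-client/firefox-bin 78.4.0 0/esr78
mail-client/thunderbird 78.3.3-r1 0
mail-client/thunderbird-bin 78.10.0 0
EOF
```

The 78.10.0 row shows why the comparison is done with version ordering: a plain string comparison would rank it below 78.4.0 and misreport a fixed package as vulnerable.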
