Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202010-02 ] Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
Date: Sat, 17 Oct 2020 09:08:45
Message-Id: 386DBE45-883E-43C1-A410-2F35CDE568B0@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202010-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Mozilla Firefox, Mozilla Thunderbird: Multiple
           vulnerabilities
     Date: October 17, 2020
     Bugs: #744208, #745432
       ID: 202010-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla
Thunderbird, the worst of which could result in the arbitrary execution
of code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
project.

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox              < 81.0           >= 78.3.0:0/esr78
                                                                >= 81.0
  2  www-client/firefox-bin          < 81.0           >= 78.3.0:0/esr78
                                                                >= 81.0
  3  mail-client/thunderbird         < 78.3.1                 >= 78.3.1
  4  mail-client/thunderbird-bin     < 78.3.1                 >= 78.3.1
    -------------------------------------------------------------------
     4 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox and
Mozilla Thunderbird. Please review the CVE identifiers referenced below
for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-81.0"

All Mozilla Firefox (bin) users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-81.0"

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-78.3.0"

All Mozilla Firefox ESR (bin) users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-78.3.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-78.3.1"

All Mozilla Thunderbird (bin) users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-78.3.1"

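The ranges in the Affected packages table can be checked mechanically before
running the upgrades above. The following is an added example, not part of the
original advisory or of Gentoo's tooling: the function names ver_ge and
glsa_status are hypothetical, and the caller is assumed to supply the installed
version and slot as plain strings.

```shell
#!/bin/sh
# Added example: classify one installed package against the GLSA 202010-02
# table. Handles plain dotted numeric versions only; _rc/_p suffixes and
# -rN revisions are outside what this sketch compares.

# ver_ge A B: succeed when dotted version A >= B (missing fields count as 0).
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# glsa_status PKG VERSION [SLOT]: prints vulnerable, unaffected or not-listed.
glsa_status() {
    pkg=$1 ver=$2 slot=${3:-}
    case $pkg in
        www-client/firefox|www-client/firefox-bin)
            # Unaffected: >= 81.0, or >= 78.3.0 only inside slot 0/esr78.
            if ver_ge "$ver" 81.0; then
                echo unaffected
            elif [ "$slot" = "0/esr78" ] && ver_ge "$ver" 78.3.0; then
                echo unaffected
            else
                echo vulnerable
            fi ;;
        mail-client/thunderbird|mail-client/thunderbird-bin)
            if ver_ge "$ver" 78.3.1; then echo unaffected; else echo vulnerable; fi ;;
        *)
            echo not-listed ;;
    esac
}

# Constructed sample inputs (not taken from a real system).
glsa_status www-client/firefox 78.2.0 0/esr78       # vulnerable
glsa_status www-client/firefox 78.4.0 0/esr78       # unaffected
glsa_status www-client/firefox-bin 80.0 0/80        # vulnerable
glsa_status mail-client/thunderbird 78.3.1          # unaffected
```

The slot check matters: a 78.x or later version below 81.0 counts as unaffected
only when it sits in the ESR slot.
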
References
==========

[ 1 ] CVE-2020-15673
      https://nvd.nist.gov/vuln/detail/CVE-2020-15673
[ 2 ] CVE-2020-15676
      https://nvd.nist.gov/vuln/detail/CVE-2020-15676
[ 3 ] CVE-2020-15677
      https://nvd.nist.gov/vuln/detail/CVE-2020-15677
[ 4 ] CVE-2020-15678
      https://nvd.nist.gov/vuln/detail/CVE-2020-15678
[ 5 ] Mozilla Foundation Security Advisory 2020-43
      https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/
[ 6 ] Mozilla Foundation Security Advisory 2020-44
      https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202010-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
