Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201701-15 ] Mozilla Firefox, SeaMonkey, Thunderbird: Multiple vulnerabilities
Date: Tue, 03 Jan 2017 13:03:25
Message-Id: 25535512-53cd-58e0-8b95-5fff3c3eb338@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201701-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Firefox, SeaMonkey, Thunderbird: Multiple
       vulnerabilities
Date: January 03, 2017
Bugs: #539242, #541506, #581326, #590330, #594616, #599924,
      #601320, #602576, #604024
ID: 201701-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox, SeaMonkey,
and Thunderbird, the worst of which could lead to the execution of
arbitrary code.

Background
==========

Mozilla Firefox is a cross-platform web browser from Mozilla. The
Mozilla Thunderbird mail client is a redesign of the Mozilla Mail
component. The goal is to produce a cross-platform stand-alone mail
application using XUL (XML User Interface Language). SeaMonkey is a
free and open-source Internet suite. It is the continuation of the
former Mozilla Application Suite, based on the same source code.

Affected packages
=================

-------------------------------------------------------------------
   Package                       /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
1  www-client/firefox               < 45.6.0       >= 45.6.0
2  www-client/firefox-bin           < 45.6.0       >= 45.6.0
3  mail-client/thunderbird          < 45.6.0       >= 45.6.0
4  mail-client/thunderbird-bin      < 45.6.0       >= 45.6.0
5  www-client/seamonkey             < 2.38         >= 2.38
6  www-client/seamonkey-bin         < 2.38         >= 2.38
-------------------------------------------------------------------
6 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox,
SeaMonkey, and Thunderbird. Please review the CVE identifiers
referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process or cause a Denial of Service condition via
multiple vectors.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-45.6.0"

All Firefox-bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-45.6.0"

All Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-45.6.0"

All Thunderbird-bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-45.6.0"

All SeaMonkey users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.38"

All SeaMonkey-bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.38"

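The version check implied by the affected-packages table and the upgrade
commands above, as an added example that is not part of the original
advisory: it reads installed atoms in "category/name-version" form and
prints the ones still below the fixed version. The function names, the
sample inventory and the reliance on "sort -V" (GNU coreutils) for version
ordering are assumptions of this example.

```shell
# Added example (not from the advisory): flag packages GLSA 201701-15 lists
# as vulnerable. Thresholds are copied from the "Affected packages" table.
GLSA_TABLE='www-client/firefox 45.6.0
www-client/firefox-bin 45.6.0
mail-client/thunderbird 45.6.0
mail-client/thunderbird-bin 45.6.0
www-client/seamonkey 2.38
www-client/seamonkey-bin 2.38'

# Constructed sample inventory, one "category/name-version" atom per line
# (the shape a package lister such as `qlist -Iv` prints); not real host data.
SAMPLE_INVENTORY='www-client/firefox-45.5.1
www-client/firefox-bin-45.6.0
mail-client/thunderbird-45.6.0-r1
www-client/seamonkey-bin-2.37
app-editors/vim-8.0.0106'

# version_lt A B: succeed when dotted-numeric version A sorts strictly before B.
# Assumption: plain dotted versions; sort -V stands in for Portage's own ordering.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_vulnerable: read atoms on stdin, print those below the fixed version.
glsa_vulnerable() {
    while IFS= read -r atom; do
        [ -n "$atom" ] || continue
        atom=${atom%-r[0-9]*}         # drop a Gentoo revision suffix (-rN)
        ver=${atom##*-}               # text after the last hyphen is the version
        name=${atom%-"$ver"}          # the remainder is category/name
        fixed=$(printf '%s\n' "$GLSA_TABLE" |
            awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue   # package not covered by this advisory
        if version_lt "$ver" "$fixed"; then
            printf '%s %s (fixed in %s)\n' "$name" "$ver" "$fixed"
        fi
    done
}

# Run against the constructed inventory when executed directly.
printf '%s\n' "$SAMPLE_INVENTORY" | glsa_vulnerable
```

On a Gentoo host, "glsa-check -t 201701-15" performs the same test with
Portage's own version comparison and is the authoritative check.
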
References
==========

[ 1 ] CVE-2014-8634
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634
[ 2 ] CVE-2014-8635
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635
[ 3 ] CVE-2014-8636
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636
[ 4 ] CVE-2014-8637
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637
[ 5 ] CVE-2014-8638
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638
[ 6 ] CVE-2014-8639
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639
[ 7 ] CVE-2014-8640
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640
[ 8 ] CVE-2014-8641
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641
[ 9 ] CVE-2014-8642
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642
[ 10 ] CVE-2015-0819
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819
[ 11 ] CVE-2015-0820
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820
[ 12 ] CVE-2015-0821
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821
[ 13 ] CVE-2015-0822
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822
[ 14 ] CVE-2015-0823
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823
[ 15 ] CVE-2015-0824
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824
[ 16 ] CVE-2015-0825
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825
[ 17 ] CVE-2015-0826
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826
[ 18 ] CVE-2015-0827
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827
[ 19 ] CVE-2015-0828
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828
[ 20 ] CVE-2015-0829
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829
[ 21 ] CVE-2015-0830
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830
[ 22 ] CVE-2015-0831
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831
[ 23 ] CVE-2015-0832
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832
[ 24 ] CVE-2015-0833
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833
[ 25 ] CVE-2015-0834
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834
[ 26 ] CVE-2015-0835
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835
[ 27 ] CVE-2015-0836
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836
[ 28 ] CVE-2016-2804
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2804
[ 29 ] CVE-2016-2805
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2805
[ 30 ] CVE-2016-2806
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2806
[ 31 ] CVE-2016-2807
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2807
[ 32 ] CVE-2016-2808
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2808
[ 33 ] CVE-2016-2809
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2809
[ 34 ] CVE-2016-2810
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2810
[ 35 ] CVE-2016-2811
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2811
[ 36 ] CVE-2016-2812
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2812
[ 37 ] CVE-2016-2813
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2813
[ 38 ] CVE-2016-2814
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2814
[ 39 ] CVE-2016-2816
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2816
[ 40 ] CVE-2016-2817
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2817
[ 41 ] CVE-2016-2820
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2820
[ 42 ] CVE-2016-2827
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2827
[ 43 ] CVE-2016-2830
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2830
[ 44 ] CVE-2016-2835
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2835
[ 45 ] CVE-2016-2836
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2836
[ 46 ] CVE-2016-2837
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2837
[ 47 ] CVE-2016-2838
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2838
[ 48 ] CVE-2016-2839
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2839
[ 49 ] CVE-2016-5250
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5250
[ 50 ] CVE-2016-5251
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5251
[ 51 ] CVE-2016-5252
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5252
[ 52 ] CVE-2016-5253
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5253
[ 53 ] CVE-2016-5254
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5254
[ 54 ] CVE-2016-5255
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5255
[ 55 ] CVE-2016-5256
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5256
[ 56 ] CVE-2016-5257
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5257
[ 57 ] CVE-2016-5258
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5258
[ 58 ] CVE-2016-5259
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5259
[ 59 ] CVE-2016-5260
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5260
[ 60 ] CVE-2016-5261
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5261
[ 61 ] CVE-2016-5262
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5262
[ 62 ] CVE-2016-5263
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5263
[ 63 ] CVE-2016-5264
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5264
[ 64 ] CVE-2016-5265
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5265
[ 65 ] CVE-2016-5266
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5266
[ 66 ] CVE-2016-5267
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5267
[ 67 ] CVE-2016-5268
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5268
[ 68 ] CVE-2016-5270
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5270
[ 69 ] CVE-2016-5271
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5271
[ 70 ] CVE-2016-5272
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5272
[ 71 ] CVE-2016-5273
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5273
[ 72 ] CVE-2016-5274
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5274
[ 73 ] CVE-2016-5275
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5275
[ 74 ] CVE-2016-5276
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5276
[ 75 ] CVE-2016-5277
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5277
[ 76 ] CVE-2016-5278
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5278
[ 77 ] CVE-2016-5279
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5279
[ 78 ] CVE-2016-5280
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5280
[ 79 ] CVE-2016-5281
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5281
[ 80 ] CVE-2016-5282
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5282
[ 81 ] CVE-2016-5283
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5283
[ 82 ] CVE-2016-5284
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5284
[ 83 ] CVE-2016-5290
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5290
[ 84 ] CVE-2016-5291
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5291
[ 85 ] CVE-2016-5293
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5293
[ 86 ] CVE-2016-5294
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5294
[ 87 ] CVE-2016-5296
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5296
[ 88 ] CVE-2016-5297
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5297
[ 89 ] CVE-2016-9064
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9064
[ 90 ] CVE-2016-9066
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9066
[ 91 ] CVE-2016-9074
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9074
[ 92 ] CVE-2016-9079
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9079
[ 93 ] CVE-2016-9893
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9893
[ 94 ] CVE-2016-9895
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9895
[ 95 ] CVE-2016-9897
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9897
[ 96 ] CVE-2016-9898
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9898
[ 97 ] CVE-2016-9899
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9899
[ 98 ] CVE-2016-9900
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9900
[ 99 ] CVE-2016-9901
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9901
[ 100 ] CVE-2016-9902
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9902
[ 101 ] CVE-2016-9904
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9904
[ 102 ] CVE-2016-9905
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9905

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
