creffett 13/09/27 20:20:30

Added: glsa-201309-23.xml
Log:
GLSA-201309-23

Revision Changes Path
1.1 xml/htdocs/security/en/glsa/glsa-201309-23.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201309-23.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201309-23.xml?rev=1.1&content-type=text/plain

Index: glsa-201309-23.xml |
=================================================================== |
<?xml version="1.0" encoding="UTF-8"?> |
<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?> |
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> |
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> |
<glsa id="201309-23"> |
<title>Mozilla Products: Multiple vulnerabilities</title> |
<synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, |
Thunderbird, and SeaMonkey, some of which may allow a remote user to |
execute arbitrary code. |
</synopsis> |
<product type="ebuild">firefox,thunderbird,seamonkey</product> |
<announced>September 27, 2013</announced> |
<revised>September 27, 2013: 1</revised> |
<bug>450940</bug> |
<bug>458390</bug> |
<bug>460818</bug> |
<bug>464226</bug> |
<bug>469868</bug> |
<bug>474758</bug> |
<bug>479968</bug> |
<bug>485258</bug> |
<access>remote</access> |
<affected> |
<package name="mail-client/thunderbird" auto="yes" arch="*"> |
<unaffected range="ge">17.0.9</unaffected> |
<vulnerable range="lt">17.0.9</vulnerable> |
</package> |
<package name="www-client/firefox" auto="yes" arch="*"> |
<unaffected range="ge">17.0.9</unaffected> |
<vulnerable range="lt">17.0.9</vulnerable> |
</package> |
<package name="www-client/seamonkey" auto="yes" arch="*"> |
<unaffected range="ge">2.21</unaffected> |
<vulnerable range="lt">2.21</vulnerable> |
</package> |
<package name="mail-client/thunderbird-bin" auto="yes" arch="*"> |
<unaffected range="ge">17.0.9</unaffected> |
<vulnerable range="lt">17.0.9</vulnerable> |
</package> |
<package name="www-client/firefox-bin" auto="yes" arch="*"> |
<unaffected range="ge">17.0.9</unaffected> |
<vulnerable range="lt">17.0.9</vulnerable> |
</package> |
<package name="www-client/seamonkey-bin" auto="yes" arch="*"> |
<unaffected range="ge">2.21</unaffected> |
<vulnerable range="lt">2.21</vulnerable> |
</package> |
</affected> |
<background> |
<p>Mozilla Firefox is an open-source web browser and Mozilla Thunderbird |
an open-source email client, both from the Mozilla Project. The |
SeaMonkey project is a community effort to deliver production-quality |
releases of code derived from the application formerly known as the |
‘Mozilla Application Suite’. |
</p> |
</background> |
<description> |
<p>Multiple vulnerabilities have been discovered in Mozilla Firefox, |
Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced |
below for details. |
</p> |
</description> |
<impact type="high"> |
<p>A remote attacker could entice a user to view a specially crafted web |
page or email, possibly resulting in execution of arbitrary code or a |
Denial of Service condition. Further, a remote attacker could conduct XSS |
attacks, spoof URLs, bypass address space layout randomization, conduct |
clickjacking attacks, obtain potentially sensitive information, bypass |
access restrictions, modify the local filesystem, or conduct other |
unspecified attacks. |
</p> |
</impact> |
<workaround> |
<p>There is no known workaround at this time.</p> |
</workaround> |
<resolution> |
<p>All Mozilla Firefox users should upgrade to the latest version:</p> |
|
<code> |
# emerge --sync |
# emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9" |
</code> |
|
<p>All users of the Mozilla Firefox binary package should upgrade to the |
latest version: |
</p> |
|
<code> |
# emerge --sync |
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9" |
</code> |
|
<p>All Mozilla Thunderbird users should upgrade to the latest version:</p> |
|
<code> |
# emerge --sync |
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9" |
</code> |
|
<p>All users of the Mozilla Thunderbird binary package should upgrade to |
the latest version: |
</p> |
|
<code> |
# emerge --sync |
# emerge --ask --oneshot --verbose |
">=mail-client/thunderbird-bin-17.0.9" |
</code> |
|
<p>All SeaMonkey users should upgrade to the latest version:</p> |
|
<code> |
# emerge --sync |
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21" |
</code> |
|
<p>All users of the Mozilla SeaMonkey binary package should upgrade to the |
latest version: |
</p> |
|
<code> |
# emerge --sync |
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21" |
</code> |
</resolution> |
<references> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744">CVE-2013-0744</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745">CVE-2013-0745</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746">CVE-2013-0746</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747">CVE-2013-0747</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748">CVE-2013-0748</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749">CVE-2013-0749</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750">CVE-2013-0750</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751">CVE-2013-0751</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752">CVE-2013-0752</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753">CVE-2013-0753</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754">CVE-2013-0754</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755">CVE-2013-0755</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756">CVE-2013-0756</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757">CVE-2013-0757</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758">CVE-2013-0758</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759">CVE-2013-0759</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760">CVE-2013-0760</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761">CVE-2013-0761</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762">CVE-2013-0762</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763">CVE-2013-0763</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764">CVE-2013-0764</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0765">CVE-2013-0765</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766">CVE-2013-0766</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767">CVE-2013-0767</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768">CVE-2013-0768</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769">CVE-2013-0769</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770">CVE-2013-0770</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771">CVE-2013-0771</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0772">CVE-2013-0772</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0773">CVE-2013-0773</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0774">CVE-2013-0774</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0775">CVE-2013-0775</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0776">CVE-2013-0776</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0777">CVE-2013-0777</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0778">CVE-2013-0778</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0779">CVE-2013-0779</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0780">CVE-2013-0780</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0781">CVE-2013-0781</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0782">CVE-2013-0782</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0783">CVE-2013-0783</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0784">CVE-2013-0784</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0787">CVE-2013-0787</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0788">CVE-2013-0788</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0789">CVE-2013-0789</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0791">CVE-2013-0791</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0792">CVE-2013-0792</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0793">CVE-2013-0793</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0794">CVE-2013-0794</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0795">CVE-2013-0795</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0796">CVE-2013-0796</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0797">CVE-2013-0797</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0799">CVE-2013-0799</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0800">CVE-2013-0800</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801">CVE-2013-0801</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670">CVE-2013-1670</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671">CVE-2013-1671</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674">CVE-2013-1674</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675">CVE-2013-1675</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676">CVE-2013-1676</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677">CVE-2013-1677</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678">CVE-2013-1678</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679">CVE-2013-1679</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680">CVE-2013-1680</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681">CVE-2013-1681</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1682">CVE-2013-1682</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1684">CVE-2013-1684</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1687">CVE-2013-1687</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1690">CVE-2013-1690</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1692">CVE-2013-1692</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1693">CVE-2013-1693</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1694">CVE-2013-1694</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1697">CVE-2013-1697</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1701">CVE-2013-1701</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1702">CVE-2013-1702</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1704">CVE-2013-1704</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1705">CVE-2013-1705</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1707">CVE-2013-1707</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1708">CVE-2013-1708</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1709">CVE-2013-1709</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1710">CVE-2013-1710</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1711">CVE-2013-1711</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1712">CVE-2013-1712</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1713">CVE-2013-1713</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1714">CVE-2013-1714</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1717">CVE-2013-1717</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1718">CVE-2013-1718</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1719">CVE-2013-1719</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1720">CVE-2013-1720</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1722">CVE-2013-1722</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1723">CVE-2013-1723</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1724">CVE-2013-1724</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1725">CVE-2013-1725</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1726">CVE-2013-1726</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1728">CVE-2013-1728</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1730">CVE-2013-1730</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1732">CVE-2013-1732</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1735">CVE-2013-1735</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1736">CVE-2013-1736</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1737">CVE-2013-1737</uri> |
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1738">CVE-2013-1738</uri> |
</references> |
<metadata tag="requester" timestamp="Fri, 12 Jul 2013 01:55:45 +0000"> |
creffett |
</metadata> |
<metadata tag="submitter" timestamp="Fri, 27 Sep 2013 20:18:53 +0000"> |
creffett |
</metadata> |
</glsa> |
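Review bot: In the resolution block for the Thunderbird binary package, the emerge command is wrapped so that the atom ">=mail-client/thunderbird-bin-17.0.9" sits on its own line, unlike the other five code blocks where the atom follows "--verbose" on the same line. A user who pastes the block line by line runs "emerge --ask --oneshot --verbose" with no target and then a bare quoted string that the shell rejects, so the upgrade the advisory asks for does not happen. Keep the atom on the same line as the command, or end the first line with a backslash so the shell treats the two lines as one.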