[gentoo-announce] [ GLSA 201309-23 ] Mozilla Products: Multiple vulnerabilities

Posted on 27 September 2013
Gentoo-announce

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Mozilla Products: Multiple vulnerabilities
Date: September 27, 2013
Bugs: #450940, #458390, #460818, #464226, #469868, #474758,
#479968, #485258
ID: 201309-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.

Background
==========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'.

Affected packages
=================
-------------------------------------------------------------------
     Package                      /  Vulnerable  /       Unaffected
-------------------------------------------------------------------
  1  mail-client/thunderbird        < 17.0.9        >= 17.0.9
  2  www-client/firefox             < 17.0.9        >= 17.0.9
  3  www-client/seamonkey           < 2.21          >= 2.21
  4  mail-client/thunderbird-bin    < 17.0.9        >= 17.0.9
  5  www-client/firefox-bin         < 17.0.9        >= 17.0.9
  6  www-client/seamonkey-bin       < 2.21          >= 2.21
-------------------------------------------------------------------
6 affected packages

Description
===========
Multiple vulnerabilities have been discovered in Mozilla Firefox,
Thunderbird, and SeaMonkey. Please review the CVE identifiers
referenced below for details.

Impact
======
A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Further, a remote attacker could conduct
XSS attacks, spoof URLs, bypass address space layout randomization,
conduct clickjacking attacks, obtain potentially sensitive information,
bypass access restrictions, modify the local filesystem, or conduct
other unspecified attacks.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9"

All users of the Mozilla Firefox binary package should upgrade to the
latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9"

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9"

All users of the Mozilla Thunderbird binary package should upgrade to
the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-17.0.9"

All SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21"

All users of the Mozilla SeaMonkey binary package should upgrade to the
latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21"
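
To confirm which hosts still need the upgrades above, the thresholds from the Affected packages table can be compared against a package inventory. The script below is an added example, not part of the advisory or of Gentoo's tooling; the names `version_lt` and `glsa_check` and the sample inventory are constructed for illustration, and version comparison is simplified to numeric dotted components.

```shell
#!/bin/sh
# Fixed versions, copied from the "Affected packages" table of GLSA 201309-23.
FIXED='mail-client/thunderbird 17.0.9
www-client/firefox 17.0.9
www-client/seamonkey 2.21
mail-client/thunderbird-bin 17.0.9
www-client/firefox-bin 17.0.9
www-client/seamonkey-bin 2.21'

# version_lt A B: true when dotted version A is lower than B.
# Assumption: numeric components only; Gentoo suffixes (_rc, _p, letters)
# are ignored, which is enough for the versions in this advisory.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1   # equal versions are not lower
    }'
}

# glsa_check: read category/name-version lines on stdin and print one
# "VULNERABLE" line for each package below its fixed version.
glsa_check() {
    while read -r cpv; do
        [ -n "$cpv" ] || continue
        base=$(printf '%s\n' "$cpv" | sed 's/-r[0-9][0-9]*$//')  # drop -rN revision
        name=${base%-*}
        ver=${base##*-}
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue          # package not covered by this GLSA
        if version_lt "$ver" "$fixed"; then
            printf 'VULNERABLE %s (fixed in >= %s)\n' "$cpv" "$fixed"
        fi
    done
}

# Constructed sample inventory; on a real host the same lines can be derived
# from the directory names under /var/db/pkg/<category>/.
SAMPLE='www-client/firefox-17.0.8
mail-client/thunderbird-bin-17.0.9
www-client/seamonkey-2.20-r1
www-client/firefox-bin-24.0
app-editors/vim-7.4.22'

printf '%s\n' "$SAMPLE" | glsa_check
```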

References
==========
[ 1 ] CVE-2013-0744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744
[ 2 ] CVE-2013-0745
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745
[ 3 ] CVE-2013-0746
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746
[ 4 ] CVE-2013-0747
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747
[ 5 ] CVE-2013-0748
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748
[ 6 ] CVE-2013-0749
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749
[ 7 ] CVE-2013-0750
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750
[ 8 ] CVE-2013-0751
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751
[ 9 ] CVE-2013-0752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752
[ 10 ] CVE-2013-0753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753
[ 11 ] CVE-2013-0754
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754
[ 12 ] CVE-2013-0755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755
[ 13 ] CVE-2013-0756
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756
[ 14 ] CVE-2013-0757
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757
[ 15 ] CVE-2013-0758
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758
[ 16 ] CVE-2013-0759
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759
[ 17 ] CVE-2013-0760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760
[ 18 ] CVE-2013-0761
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761
[ 19 ] CVE-2013-0762
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762
[ 20 ] CVE-2013-0763
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763
[ 21 ] CVE-2013-0764
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764
[ 22 ] CVE-2013-0765
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0765
[ 23 ] CVE-2013-0766
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766
[ 24 ] CVE-2013-0767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767
[ 25 ] CVE-2013-0768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768
[ 26 ] CVE-2013-0769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769
[ 27 ] CVE-2013-0770
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770
[ 28 ] CVE-2013-0771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771
[ 29 ] CVE-2013-0772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0772
[ 30 ] CVE-2013-0773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0773
[ 31 ] CVE-2013-0774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0774
[ 32 ] CVE-2013-0775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0775
[ 33 ] CVE-2013-0776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0776
[ 34 ] CVE-2013-0777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0777
[ 35 ] CVE-2013-0778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0778
[ 36 ] CVE-2013-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0779
[ 37 ] CVE-2013-0780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0780
[ 38 ] CVE-2013-0781
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0781
[ 39 ] CVE-2013-0782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0782
[ 40 ] CVE-2013-0783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0783
[ 41 ] CVE-2013-0784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0784
[ 42 ] CVE-2013-0787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0787
[ 43 ] CVE-2013-0788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0788
[ 44 ] CVE-2013-0789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0789
[ 45 ] CVE-2013-0791
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0791
[ 46 ] CVE-2013-0792
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0792
[ 47 ] CVE-2013-0793
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0793
[ 48 ] CVE-2013-0794
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0794
[ 49 ] CVE-2013-0795
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0795
[ 50 ] CVE-2013-0796
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0796
[ 51 ] CVE-2013-0797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0797
[ 52 ] CVE-2013-0799
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0799
[ 53 ] CVE-2013-0800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0800
[ 54 ] CVE-2013-0801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801
[ 55 ] CVE-2013-1670
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670
[ 56 ] CVE-2013-1671
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671
[ 57 ] CVE-2013-1674
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674
[ 58 ] CVE-2013-1675
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675
[ 59 ] CVE-2013-1676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676
[ 60 ] CVE-2013-1677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677
[ 61 ] CVE-2013-1678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678
[ 62 ] CVE-2013-1679
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679
[ 63 ] CVE-2013-1680
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680
[ 64 ] CVE-2013-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681
[ 65 ] CVE-2013-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1682
[ 66 ] CVE-2013-1684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1684
[ 67 ] CVE-2013-1687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1687
[ 68 ] CVE-2013-1690
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1690
[ 69 ] CVE-2013-1692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1692
[ 70 ] CVE-2013-1693
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1693
[ 71 ] CVE-2013-1694
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1694
[ 72 ] CVE-2013-1697
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1697
[ 73 ] CVE-2013-1701
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1701
[ 74 ] CVE-2013-1702
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1702
[ 75 ] CVE-2013-1704
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1704
[ 76 ] CVE-2013-1705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1705
[ 77 ] CVE-2013-1707
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1707
[ 78 ] CVE-2013-1708
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1708
[ 79 ] CVE-2013-1709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1709
[ 80 ] CVE-2013-1710
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1710
[ 81 ] CVE-2013-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1711
[ 82 ] CVE-2013-1712
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1712
[ 83 ] CVE-2013-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1713
[ 84 ] CVE-2013-1714
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1714
[ 85 ] CVE-2013-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1717
[ 86 ] CVE-2013-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1718
[ 87 ] CVE-2013-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1719
[ 88 ] CVE-2013-1720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1720
[ 89 ] CVE-2013-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1722
[ 90 ] CVE-2013-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1723
[ 91 ] CVE-2013-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1724
[ 92 ] CVE-2013-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1725
[ 93 ] CVE-2013-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1726
[ 94 ] CVE-2013-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1728
[ 95 ] CVE-2013-1730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1730
[ 96 ] CVE-2013-1732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1732
[ 97 ] CVE-2013-1735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1735
[ 98 ] CVE-2013-1736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1736
[ 99 ] CVE-2013-1737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1737
[ 100 ] CVE-2013-1738
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1738

Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-23.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

