
[gentoo-announce] [ GLSA 201504-01 ] Mozilla Products: Multiple vulnerabilities

Posted on 07 April 2015
Gentoo-announce


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201504-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Products: Multiple vulnerabilities
Date: April 07, 2015
Bugs: #489796, #491234, #493850, #500320, #505072, #509050,
#512896, #517876, #522020, #523652, #525474, #531408,
#536564, #541316, #544056
ID: 201504-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, the worst of which may allow user-assisted
execution of arbitrary code.

Background
==========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
‘Mozilla Application Suite’.

Affected packages
=================
-------------------------------------------------------------------
    Package                      /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 1  www-client/firefox              < 31.5.3       >= 31.5.3
 2  www-client/firefox-bin          < 31.5.3       >= 31.5.3
 3  mail-client/thunderbird         < 31.5.0       >= 31.5.0
 4  mail-client/thunderbird-bin     < 31.5.0       >= 31.5.0
 5  www-client/seamonkey            < 2.33.1       >= 2.33.1
 6  www-client/seamonkey-bin        < 2.33.1       >= 2.33.1
 7  dev-libs/nspr                   < 4.10.6       >= 4.10.6
-------------------------------------------------------------------
7 affected packages

Description
===========
Multiple vulnerabilities have been discovered in Firefox, Thunderbird,
and SeaMonkey. Please review the CVE identifiers referenced below for
details.

Impact
======
A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information,
spoof the address bar, conduct clickjacking attacks, bypass security
restrictions and protection mechanisms, or have other unspecified
impact.

Workaround
==========
There are no known workarounds at this time.

Resolution
==========
All firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-31.5.3"

All firefox-bin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-31.5.3"

All thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-31.5.0"

All thunderbird-bin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-31.5.0"

All seamonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.33.1"

All seamonkey-bin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=www-client/seamonkey-bin-2.33.1"

All nspr users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nspr-4.10.6"
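
Added example (not part of the Gentoo advisory): a shell check that compares an inventory of installed versions against the "Unaffected" column of the table above and prints the matching upgrade command for each package that is still vulnerable. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed for version ordering.

```shell
#!/bin/sh
# First unaffected version per package, copied from the GLSA 201504-01 table.
GLSA_FIXED='www-client/firefox 31.5.3
www-client/firefox-bin 31.5.3
mail-client/thunderbird 31.5.0
mail-client/thunderbird-bin 31.5.0
www-client/seamonkey 2.33.1
www-client/seamonkey-bin 2.33.1
dev-libs/nspr 4.10.6'

# Print the fixed version for a category/package; fail if it is not listed.
glsa_fixed_version() {
    printf '%s\n' "$GLSA_FIXED" |
        awk -v p="$1" '$1 == p { print $2; f = 1 } END { exit !f }'
}

# version_lt A B: succeed when A sorts strictly before B.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_status PKG VERSION: print vulnerable, unaffected or not-listed.
glsa_status() {
    fixed=$(glsa_fixed_version "$1") || { echo not-listed; return 0; }
    base=${2%-r[0-9]*}   # drop an ebuild revision such as -r1
    if version_lt "$base" "$fixed"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Read "category/package version" lines on stdin and print the advisory's
# upgrade command for every package that is still vulnerable.
glsa_report() {
    while read -r pkg ver; do
        [ "$(glsa_status "$pkg" "$ver")" = vulnerable ] || continue
        printf 'emerge --ask --oneshot --verbose ">=%s-%s"\n' \
            "$pkg" "$(glsa_fixed_version "$pkg")"
    done
}

# Constructed sample inventory (not taken from a real host).
SAMPLE_INVENTORY='www-client/firefox 31.5.2-r1
mail-client/thunderbird 31.5.0
dev-libs/nspr 4.10.4
app-editors/vim 7.4.273'

printf '%s\n' "$SAMPLE_INVENTORY" | glsa_report
```
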

References
==========
[ 1 ] CVE-2013-1741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741
[ 2 ] CVE-2013-2566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566
[ 3 ] CVE-2013-5590
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5590
[ 4 ] CVE-2013-5591
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5591
[ 5 ] CVE-2013-5592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5592
[ 6 ] CVE-2013-5593
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5593
[ 7 ] CVE-2013-5595
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5595
[ 8 ] CVE-2013-5596
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5596
[ 9 ] CVE-2013-5597
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5597
[ 10 ] CVE-2013-5598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5598
[ 11 ] CVE-2013-5599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5599
[ 12 ] CVE-2013-5600
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5600
[ 13 ] CVE-2013-5601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5601
[ 14 ] CVE-2013-5602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5602
[ 15 ] CVE-2013-5603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5603
[ 16 ] CVE-2013-5604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5604
[ 17 ] CVE-2013-5605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605
[ 18 ] CVE-2013-5606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606
[ 19 ] CVE-2013-5607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607
[ 20 ] CVE-2013-5609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609
[ 21 ] CVE-2013-5610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610
[ 22 ] CVE-2013-5612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612
[ 23 ] CVE-2013-5613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613
[ 24 ] CVE-2013-5614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614
[ 25 ] CVE-2013-5615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615
[ 26 ] CVE-2013-5616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616
[ 27 ] CVE-2013-5618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618
[ 28 ] CVE-2013-5619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619
[ 29 ] CVE-2013-6671
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671
[ 30 ] CVE-2013-6672
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672
[ 31 ] CVE-2013-6673
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673
[ 32 ] CVE-2014-1477
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1477
[ 33 ] CVE-2014-1478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1478
[ 34 ] CVE-2014-1479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1479
[ 35 ] CVE-2014-1480
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1480
[ 36 ] CVE-2014-1481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1481
[ 37 ] CVE-2014-1482
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1482
[ 38 ] CVE-2014-1483
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1483
[ 39 ] CVE-2014-1485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1485
[ 40 ] CVE-2014-1486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1486
[ 41 ] CVE-2014-1487
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1487
[ 42 ] CVE-2014-1488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1488
[ 43 ] CVE-2014-1489
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1489
[ 44 ] CVE-2014-1490
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1490
[ 45 ] CVE-2014-1491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1491
[ 46 ] CVE-2014-1492
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1492
[ 47 ] CVE-2014-1493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493
[ 48 ] CVE-2014-1494
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494
[ 49 ] CVE-2014-1496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496
[ 50 ] CVE-2014-1497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497
[ 51 ] CVE-2014-1498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498
[ 52 ] CVE-2014-1499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499
[ 53 ] CVE-2014-1500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500
[ 54 ] CVE-2014-1502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502
[ 55 ] CVE-2014-1505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505
[ 56 ] CVE-2014-1508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508
[ 57 ] CVE-2014-1509
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509
[ 58 ] CVE-2014-1510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510
[ 59 ] CVE-2014-1511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511
[ 60 ] CVE-2014-1512
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512
[ 61 ] CVE-2014-1513
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513
[ 62 ] CVE-2014-1514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514
[ 63 ] CVE-2014-1518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1518
[ 64 ] CVE-2014-1519
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1519
[ 65 ] CVE-2014-1520
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1520
[ 66 ] CVE-2014-1522
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1522
[ 67 ] CVE-2014-1523
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1523
[ 68 ] CVE-2014-1524
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1524
[ 69 ] CVE-2014-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1525
[ 70 ] CVE-2014-1526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1526
[ 71 ] CVE-2014-1529
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1529
[ 72 ] CVE-2014-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1530
[ 73 ] CVE-2014-1531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1531
[ 74 ] CVE-2014-1532
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1532
[ 75 ] CVE-2014-1533
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533
[ 76 ] CVE-2014-1534
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534
[ 77 ] CVE-2014-1536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536
[ 78 ] CVE-2014-1537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537
[ 79 ] CVE-2014-1538
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538
[ 80 ] CVE-2014-1539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539
[ 81 ] CVE-2014-1540
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540
[ 82 ] CVE-2014-1541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541
[ 83 ] CVE-2014-1542
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542
[ 84 ] CVE-2014-1543
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543
[ 85 ] CVE-2014-1544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1544
[ 86 ] CVE-2014-1545
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545
[ 87 ] CVE-2014-1547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1547
[ 88 ] CVE-2014-1548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1548
[ 89 ] CVE-2014-1549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1549
[ 90 ] CVE-2014-1550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1550
[ 91 ] CVE-2014-1551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1551
[ 92 ] CVE-2014-1552
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1552
[ 93 ] CVE-2014-1553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1553
[ 94 ] CVE-2014-1554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1554
[ 95 ] CVE-2014-1555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1555
[ 96 ] CVE-2014-1556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1556
[ 97 ] CVE-2014-1557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1557
[ 98 ] CVE-2014-1558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1558
[ 99 ] CVE-2014-1559
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1559
[ 100 ] CVE-2014-1560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1560
[ 101 ] CVE-2014-1561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1561
[ 102 ] CVE-2014-1562
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1562
[ 103 ] CVE-2014-1563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1563
[ 104 ] CVE-2014-1564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1564
[ 105 ] CVE-2014-1565
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1565
[ 106 ] CVE-2014-1566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1566
[ 107 ] CVE-2014-1567
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1567
[ 108 ] CVE-2014-1568
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1568
[ 109 ] CVE-2014-1574
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1574
[ 110 ] CVE-2014-1575
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1575
[ 111 ] CVE-2014-1576
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1576
[ 112 ] CVE-2014-1577
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1577
[ 113 ] CVE-2014-1578
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1578
[ 114 ] CVE-2014-1580
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1580
[ 115 ] CVE-2014-1581
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1581
[ 116 ] CVE-2014-1582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1582
[ 117 ] CVE-2014-1583
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1583
[ 118 ] CVE-2014-1584
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1584
[ 119 ] CVE-2014-1585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1585
[ 120 ] CVE-2014-1586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1586
[ 121 ] CVE-2014-1587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1587
[ 122 ] CVE-2014-1588
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1588
[ 123 ] CVE-2014-1589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1589
[ 124 ] CVE-2014-1590
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1590
[ 125 ] CVE-2014-1591
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1591
[ 126 ] CVE-2014-1592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1592
[ 127 ] CVE-2014-1593
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1593
[ 128 ] CVE-2014-1594
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1594
[ 129 ] CVE-2014-5369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5369
[ 130 ] CVE-2014-8631
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8631
[ 131 ] CVE-2014-8632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8632
[ 132 ] CVE-2014-8634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634
[ 133 ] CVE-2014-8635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635
[ 134 ] CVE-2014-8636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636
[ 135 ] CVE-2014-8637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637
[ 136 ] CVE-2014-8638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638
[ 137 ] CVE-2014-8639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639
[ 138 ] CVE-2014-8640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640
[ 139 ] CVE-2014-8641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641
[ 140 ] CVE-2014-8642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642
[ 141 ] CVE-2015-0817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0817
[ 142 ] CVE-2015-0818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0818
[ 143 ] CVE-2015-0819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819
[ 144 ] CVE-2015-0820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820
[ 145 ] CVE-2015-0821
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821
[ 146 ] CVE-2015-0822
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822
[ 147 ] CVE-2015-0823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823
[ 148 ] CVE-2015-0824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824
[ 149 ] CVE-2015-0825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825
[ 150 ] CVE-2015-0826
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826
[ 151 ] CVE-2015-0827
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827
[ 152 ] CVE-2015-0828
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828
[ 153 ] CVE-2015-0829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829
[ 154 ] CVE-2015-0830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830
[ 155 ] CVE-2015-0831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831
[ 156 ] CVE-2015-0832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832
[ 157 ] CVE-2015-0833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833
[ 158 ] CVE-2015-0834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834
[ 159 ] CVE-2015-0835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835
[ 160 ] CVE-2015-0836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836
[ 161 ] CVE-2014-1504


Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201504-01

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


