Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201309-23 ] Mozilla Products: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1582

PostPosted: Fri Sep 27, 2013 9:26 pm    Post subject: [ GLSA 201309-23 ] Mozilla Products: Multiple vulnerabilitie Reply with quote

Gentoo Linux Security Advisory

Title: Mozilla Products: Multiple vulnerabilities (GLSA 201309-23)
Severity: high
Exploitable: remote
Date: September 27, 2013
Bug(s): #450940, #458390, #460818, #464226, #469868, #474758, #479968, #485258
ID: 201309-23

Synopsis

Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.


Background

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
‘Mozilla Application Suite’.


Affected Packages

Package: mail-client/thunderbird
Vulnerable: < 17.0.9
Unaffected: >= 17.0.9
Architectures: All supported architectures

Package: www-client/firefox
Vulnerable: < 17.0.9
Unaffected: >= 17.0.9
Architectures: All supported architectures

Package: www-client/seamonkey
Vulnerable: < 2.21
Unaffected: >= 2.21
Architectures: All supported architectures

Package: mail-client/thunderbird-bin
Vulnerable: < 17.0.9
Unaffected: >= 17.0.9
Architectures: All supported architectures

Package: www-client/firefox-bin
Vulnerable: < 17.0.9
Unaffected: >= 17.0.9
Architectures: All supported architectures

Package: www-client/seamonkey-bin
Vulnerable: < 2.21
Unaffected: >= 2.21
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Mozilla Firefox,
Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced
below for details.


Impact

A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Further, a remote attacker could conduct XSS
attacks, spoof URLs, bypass address space layout randomization, conduct
clickjacking attacks, obtain potentially sensitive information, bypass
access restrictions, modify the local filesystem, or conduct other
unspecified attacks.


Workaround

There is no known workaround at this time.

Resolution

All Mozilla Firefox users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9"
   
All users of the Mozilla Firefox binary package should upgrade to the
latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9"
   
All Mozilla Thunderbird users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9"
   
All users of the Mozilla Thunderbird binary package should upgrade to
the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=mail-client/thunderbird-bin-17.0.9"
   
All SeaMonkey users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21"
   
All users of the Mozilla SeaMonkey binary package should upgrade to the
latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21"
   


References

CVE-2013-0744
CVE-2013-0745
CVE-2013-0746
CVE-2013-0747
CVE-2013-0748
CVE-2013-0749
CVE-2013-0750
CVE-2013-0751
CVE-2013-0752
CVE-2013-0753
CVE-2013-0754
CVE-2013-0755
CVE-2013-0756
CVE-2013-0757
CVE-2013-0758
CVE-2013-0759
CVE-2013-0760
CVE-2013-0761
CVE-2013-0762
CVE-2013-0763
CVE-2013-0764
CVE-2013-0765
CVE-2013-0766
CVE-2013-0767
CVE-2013-0768
CVE-2013-0769
CVE-2013-0770
CVE-2013-0771
CVE-2013-0772
CVE-2013-0773
CVE-2013-0774
CVE-2013-0775
CVE-2013-0776
CVE-2013-0777
CVE-2013-0778
CVE-2013-0779
CVE-2013-0780
CVE-2013-0781
CVE-2013-0782
CVE-2013-0783
CVE-2013-0784
CVE-2013-0787
CVE-2013-0788
CVE-2013-0789
CVE-2013-0791
CVE-2013-0792
CVE-2013-0793
CVE-2013-0794
CVE-2013-0795
CVE-2013-0796
CVE-2013-0797
CVE-2013-0799
CVE-2013-0800
CVE-2013-0801
CVE-2013-1670
CVE-2013-1671
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
CVE-2013-1682
CVE-2013-1684
CVE-2013-1687
CVE-2013-1690
CVE-2013-1692
CVE-2013-1693
CVE-2013-1694
CVE-2013-1697
CVE-2013-1701
CVE-2013-1702
CVE-2013-1704
CVE-2013-1705
CVE-2013-1707
CVE-2013-1708
CVE-2013-1709
CVE-2013-1710
CVE-2013-1711
CVE-2013-1712
CVE-2013-1713
CVE-2013-1714
CVE-2013-1717
CVE-2013-1718
CVE-2013-1719
CVE-2013-1720
CVE-2013-1722
CVE-2013-1723
CVE-2013-1724
CVE-2013-1725
CVE-2013-1726
CVE-2013-1728
CVE-2013-1730
CVE-2013-1732
CVE-2013-1735
CVE-2013-1736
CVE-2013-1737
CVE-2013-1738
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum