[ GLSA 201504-01 ] Mozilla Products

[GLSA]

Gentoo Linux Security Advisory

Title: Mozilla Products: Multiple vulnerabilities (GLSA 201504-01)
Severity: normal
Exploitable: remote
Date: April 07, 2015
Updated: April 08, 2015
Bug(s): #489796, #491234, #493850, #500320, #505072, #509050, #512896, #517876, #522020, #523652, #525474, #531408, #536564, #541316, #544056
ID: 201504-01

Synopsis

Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, the worst of which may allow user-assisted
execution of arbitrary code.


Background

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an
open-source email client, both from the Mozilla Project. The SeaMonkey
project is a community effort to deliver production-quality releases of
code derived from the application formerly known as the ‘Mozilla
Application Suite’.


Affected Packages

Package: www-client/firefox
Vulnerable: < 31.5.3
Unaffected: >= 31.5.3
Architectures: All supported architectures

Package: www-client/firefox-bin
Vulnerable: < 31.5.3
Unaffected: >= 31.5.3
Architectures: All supported architectures

Package: mail-client/thunderbird
Vulnerable: < 31.5.0
Unaffected: >= 31.5.0
Architectures: All supported architectures

Package: mail-client/thunderbird-bin
Vulnerable: < 31.5.0
Unaffected: >= 31.5.0
Architectures: All supported architectures

Package: www-client/seamonkey
Vulnerable: < 2.33.1
Unaffected: >= 2.33.1
Architectures: All supported architectures

Package: www-client/seamonkey-bin
Vulnerable: < 2.33.1
Unaffected: >= 2.33.1
Architectures: All supported architectures

Package: dev-libs/nspr
Vulnerable: < 4.10.6
Unaffected: >= 4.10.6
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Firefox, Thunderbird,
and SeaMonkey. Please review the CVE identifiers referenced below for
details.


Impact

A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
the address bar, conduct clickjacking attacks, bypass security
restrictions and protection mechanisms, or have other unspecified
impact.


Workaround

There are no known workarounds at this time.

Resolution

All firefox users should upgrade to the latest version: