Gentoo: GLSA-201512-10: Mozilla Products: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
Resolution
All Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0"
All Firefox-bin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0"
All Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0"
All Thunderbird-bin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.5.0"
References
[ 1 ] CVE-2015-0798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0798 [ 2 ] CVE-2015-0799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0799 [ 3 ] CVE-2015-0801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0801 [ 4 ] CVE-2015-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0802 [ 5 ] CVE-2015-0803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0803 [ 6 ] CVE-2015-0804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0804 [ 7 ] CVE-2015-0805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0805 [ 8 ] CVE-2015-0806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0806 [ 9 ] CVE-2015-0807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0807 [ 10 ] CVE-2015-0808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0808 [ 11 ] CVE-2015-0810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0810 [ 12 ] CVE-2015-0811 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0811 [ 13 ] CVE-2015-0812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0812 [ 14 ] CVE-2015-0813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0813 [ 15 ] CVE-2015-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0814 [ 16 ] CVE-2015-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0815 [ 17 ] CVE-2015-0816 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0816 [ 18 ] CVE-2015-2706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2706 [ 19 ] CVE-2015-2721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721 [ 20 ] CVE-2015-2722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2722 [ 21 ] CVE-2015-2724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2724 [ 22 ] CVE-2015-2725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2725 [ 23 ] CVE-2015-2726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2726 [ 24 ] CVE-2015-2727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2727 [ 25 ] CVE-2015-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2728 [ 26 ] CVE-2015-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2729 [ 27 ] CVE-2015-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2730 [ 28 ] CVE-2015-2731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2731 [ 29 ] CVE-2015-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2733 [ 30 ] CVE-2015-2734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2734 [ 31 ] CVE-2015-2735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2735 [ 32 ] CVE-2015-2736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2736 [ 33 ] CVE-2015-2737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2737 [ 34 ] CVE-2015-2738 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2738 [ 35 ] CVE-2015-2739 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2739 [ 36 ] CVE-2015-2740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2740 [ 37 ] CVE-2015-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2741 [ 38 ] CVE-2015-2742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2742 [ 39 ] CVE-2015-2743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2743 [ 40 ] CVE-2015-2808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2808 [ 41 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000 [ 42 ] CVE-2015-4495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4495 [ 43 ] CVE-2015-4513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4513 [ 44 ] CVE-2015-4514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4514 [ 45 ] CVE-2015-4515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4515 [ 46 ] CVE-2015-4518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4518 [ 47 ] CVE-2015-7181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181 [ 48 ] CVE-2015-7182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182 [ 49 ] CVE-2015-7183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183 [ 50 ] CVE-2015-7187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7187 [ 51 ] CVE-2015-7188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7188 [ 52 ] CVE-2015-7189 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7189 [ 53 ] CVE-2015-7191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7191 [ 54 ] CVE-2015-7192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7192 [ 55 ] CVE-2015-7193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7193 [ 56 ] CVE-2015-7194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7194 [ 57 ] CVE-2015-7195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7195 [ 58 ] CVE-2015-7196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7196 [ 59 ] CVE-2015-7197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7197 [ 60 ] CVE-2015-7198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7198 [ 61 ] CVE-2015-7199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7199 [ 62 ] CVE-2015-7200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7200 [ 63 ] CVE-2015-7201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7201 [ 64 ] CVE-2015-7202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7202 [ 65 ] CVE-2015-7203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7203 [ 66 ] CVE-2015-7204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7204 [ 67 ] CVE-2015-7205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7205 [ 68 ] CVE-2015-7207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7207 [ 69 ] CVE-2015-7208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7208 [ 70 ] CVE-2015-7210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7210 [ 71 ] CVE-2015-7211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7211 [ 72 ] CVE-2015-7212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7212 [ 73 ] CVE-2015-7213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7213 [ 74 ] CVE-2015-7214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7214 [ 75 ] CVE-2015-7215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7215 [ 76 ] CVE-2015-7216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7216 [ 77 ] CVE-2015-7217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7217 [ 78 ] CVE-2015-7218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7218 [ 79 ] CVE-2015-7219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7219 [ 80 ] CVE-2015-7220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7220 [ 81 ] CVE-2015-7221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7221 [ 82 ] CVE-2015-7222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7222 [ 83 ] CVE-2015-7223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7223
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201512-10
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
![Dist Gentoo](/images/distros/dist-gentoo.png)
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code.
Background
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/firefox < 38.5.0 >= 38.5.0 2 www-client/firefox-bin < 38.5.0 >= 38.5.0 3 mail-client/thunderbird < 38.5.0 >= 38.5.0 4 mail-client/thunderbird-bin < 38.5.0 >= 38.5.0 ------------------------------------------------------------------- 4 affected packages
Impact
===== A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition.
Workaround
There is no known workaround at this time.