- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201512-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Mozilla Products: Multiple vulnerabilities
     Date: December 30, 2015
     Bugs: #545232, #554036, #556942, #564818, #568376
       ID: 201512-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in Mozilla Firefox and
Thunderbird, the worst of which may allow user-assisted execution of
arbitrary code.

Background
=========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox           < 38.5.0                  >= 38.5.0
  2  www-client/firefox-bin       < 38.5.0                  >= 38.5.0
  3  mail-client/thunderbird      < 38.5.0                  >= 38.5.0
  4  mail-client/thunderbird-bin
                                  < 38.5.0                  >= 38.5.0
    -------------------------------------------------------------------
     4 affected packages

Description
==========
Multiple vulnerabilities have been discovered in Mozilla Firefox and
Mozilla Thunderbird. Please review the CVE identifiers referenced below
for details.

Impact
=====
A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All  Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0"

All  Firefox-bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0"

All  Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0"

All  Thunderbird-bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.5.0"

References
=========
[  1 ] CVE-2015-0798
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0798
[  2 ] CVE-2015-0799
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0799
[  3 ] CVE-2015-0801
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0801
[  4 ] CVE-2015-0802
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0802
[  5 ] CVE-2015-0803
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0803
[  6 ] CVE-2015-0804
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0804
[  7 ] CVE-2015-0805
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0805
[  8 ] CVE-2015-0806
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0806
[  9 ] CVE-2015-0807
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0807
[ 10 ] CVE-2015-0808
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0808
[ 11 ] CVE-2015-0810
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0810
[ 12 ] CVE-2015-0811
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0811
[ 13 ] CVE-2015-0812
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0812
[ 14 ] CVE-2015-0813
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0813
[ 15 ] CVE-2015-0814
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0814
[ 16 ] CVE-2015-0815
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0815
[ 17 ] CVE-2015-0816
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0816
[ 18 ] CVE-2015-2706
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2706
[ 19 ] CVE-2015-2721
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721
[ 20 ] CVE-2015-2722
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2722
[ 21 ] CVE-2015-2724
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2724
[ 22 ] CVE-2015-2725
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2725
[ 23 ] CVE-2015-2726
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2726
[ 24 ] CVE-2015-2727
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2727
[ 25 ] CVE-2015-2728
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2728
[ 26 ] CVE-2015-2729
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2729
[ 27 ] CVE-2015-2730
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2730
[ 28 ] CVE-2015-2731
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2731
[ 29 ] CVE-2015-2733
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2733
[ 30 ] CVE-2015-2734
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2734
[ 31 ] CVE-2015-2735
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2735
[ 32 ] CVE-2015-2736
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2736
[ 33 ] CVE-2015-2737
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2737
[ 34 ] CVE-2015-2738
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2738
[ 35 ] CVE-2015-2739
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2739
[ 36 ] CVE-2015-2740
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2740
[ 37 ] CVE-2015-2741
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2741
[ 38 ] CVE-2015-2742
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2742
[ 39 ] CVE-2015-2743
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2743
[ 40 ] CVE-2015-2808
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2808
[ 41 ] CVE-2015-4000
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000
[ 42 ] CVE-2015-4495
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4495
[ 43 ] CVE-2015-4513
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4513
[ 44 ] CVE-2015-4514
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4514
[ 45 ] CVE-2015-4515
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4515
[ 46 ] CVE-2015-4518
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4518
[ 47 ] CVE-2015-7181
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181
[ 48 ] CVE-2015-7182
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182
[ 49 ] CVE-2015-7183
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183
[ 50 ] CVE-2015-7187
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7187
[ 51 ] CVE-2015-7188
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7188
[ 52 ] CVE-2015-7189
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7189
[ 53 ] CVE-2015-7191
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7191
[ 54 ] CVE-2015-7192
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7192
[ 55 ] CVE-2015-7193
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7193
[ 56 ] CVE-2015-7194
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7194
[ 57 ] CVE-2015-7195
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7195
[ 58 ] CVE-2015-7196
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7196
[ 59 ] CVE-2015-7197
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7197
[ 60 ] CVE-2015-7198
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7198
[ 61 ] CVE-2015-7199
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7199
[ 62 ] CVE-2015-7200
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7200
[ 63 ] CVE-2015-7201
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7201
[ 64 ] CVE-2015-7202
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7202
[ 65 ] CVE-2015-7203
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7203
[ 66 ] CVE-2015-7204
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7204
[ 67 ] CVE-2015-7205
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7205
[ 68 ] CVE-2015-7207
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7207
[ 69 ] CVE-2015-7208
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7208
[ 70 ] CVE-2015-7210
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7210
[ 71 ] CVE-2015-7211
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7211
[ 72 ] CVE-2015-7212
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7212
[ 73 ] CVE-2015-7213
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7213
[ 74 ] CVE-2015-7214
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7214
[ 75 ] CVE-2015-7215
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7215
[ 76 ] CVE-2015-7216
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7216
[ 77 ] CVE-2015-7217
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7217
[ 78 ] CVE-2015-7218
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7218
[ 79 ] CVE-2015-7219
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7219
[ 80 ] CVE-2015-7220
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7220
[ 81 ] CVE-2015-7221
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7221
[ 82 ] CVE-2015-7222
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7222
[ 83 ] CVE-2015-7223
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7223

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201512-10

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-201512-10: Mozilla Products: Multiple vulnerabilities

Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code

Summary

Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

Resolution

All Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0"
All Firefox-bin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0"
All Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0"
All Thunderbird-bin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.5.0"

References

[ 1 ] CVE-2015-0798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0798 [ 2 ] CVE-2015-0799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0799 [ 3 ] CVE-2015-0801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0801 [ 4 ] CVE-2015-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0802 [ 5 ] CVE-2015-0803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0803 [ 6 ] CVE-2015-0804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0804 [ 7 ] CVE-2015-0805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0805 [ 8 ] CVE-2015-0806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0806 [ 9 ] CVE-2015-0807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0807 [ 10 ] CVE-2015-0808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0808 [ 11 ] CVE-2015-0810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0810 [ 12 ] CVE-2015-0811 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0811 [ 13 ] CVE-2015-0812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0812 [ 14 ] CVE-2015-0813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0813 [ 15 ] CVE-2015-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0814 [ 16 ] CVE-2015-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0815 [ 17 ] CVE-2015-0816 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0816 [ 18 ] CVE-2015-2706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2706 [ 19 ] CVE-2015-2721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721 [ 20 ] CVE-2015-2722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2722 [ 21 ] CVE-2015-2724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2724 [ 22 ] CVE-2015-2725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2725 [ 23 ] CVE-2015-2726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2726 [ 24 ] CVE-2015-2727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2727 [ 25 ] CVE-2015-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2728 [ 26 ] CVE-2015-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2729 [ 27 ] CVE-2015-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2730 [ 28 ] CVE-2015-2731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2731 [ 29 ] CVE-2015-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2733 [ 30 ] CVE-2015-2734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2734 [ 31 ] CVE-2015-2735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2735 [ 32 ] CVE-2015-2736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2736 [ 33 ] CVE-2015-2737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2737 [ 34 ] CVE-2015-2738 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2738 [ 35 ] CVE-2015-2739 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2739 [ 36 ] CVE-2015-2740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2740 [ 37 ] CVE-2015-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2741 [ 38 ] CVE-2015-2742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2742 [ 39 ] CVE-2015-2743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2743 [ 40 ] CVE-2015-2808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2808 [ 41 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000 [ 42 ] CVE-2015-4495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4495 [ 43 ] CVE-2015-4513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4513 [ 44 ] CVE-2015-4514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4514 [ 45 ] CVE-2015-4515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4515 [ 46 ] CVE-2015-4518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4518 [ 47 ] CVE-2015-7181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181 [ 48 ] CVE-2015-7182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182 [ 49 ] CVE-2015-7183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183 [ 50 ] CVE-2015-7187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7187 [ 51 ] CVE-2015-7188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7188 [ 52 ] CVE-2015-7189 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7189 [ 53 ] CVE-2015-7191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7191 [ 54 ] CVE-2015-7192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7192 [ 55 ] CVE-2015-7193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7193 [ 56 ] CVE-2015-7194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7194 [ 57 ] CVE-2015-7195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7195 [ 58 ] CVE-2015-7196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7196 [ 59 ] CVE-2015-7197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7197 [ 60 ] CVE-2015-7198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7198 [ 61 ] CVE-2015-7199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7199 [ 62 ] CVE-2015-7200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7200 [ 63 ] CVE-2015-7201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7201 [ 64 ] CVE-2015-7202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7202 [ 65 ] CVE-2015-7203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7203 [ 66 ] CVE-2015-7204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7204 [ 67 ] CVE-2015-7205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7205 [ 68 ] CVE-2015-7207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7207 [ 69 ] CVE-2015-7208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7208 [ 70 ] CVE-2015-7210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7210 [ 71 ] CVE-2015-7211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7211 [ 72 ] CVE-2015-7212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7212 [ 73 ] CVE-2015-7213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7213 [ 74 ] CVE-2015-7214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7214 [ 75 ] CVE-2015-7215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7215 [ 76 ] CVE-2015-7216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7216 [ 77 ] CVE-2015-7217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7217 [ 78 ] CVE-2015-7218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7218 [ 79 ] CVE-2015-7219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7219 [ 80 ] CVE-2015-7220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7220 [ 81 ] CVE-2015-7221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7221 [ 82 ] CVE-2015-7222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7222 [ 83 ] CVE-2015-7223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7223

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201512-10

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: Mozilla Products: Multiple vulnerabilities
Date: December 30, 2015
Bugs: #545232, #554036, #556942, #564818, #568376
ID: 201512-10

Synopsis

Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code.

Background

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/firefox < 38.5.0 >= 38.5.0 2 www-client/firefox-bin < 38.5.0 >= 38.5.0 3 mail-client/thunderbird < 38.5.0 >= 38.5.0 4 mail-client/thunderbird-bin < 38.5.0 >= 38.5.0 ------------------------------------------------------------------- 4 affected packages

Impact

===== A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved