Gentoo: GLSA-201605-06: Mozilla Products: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details.
Resolution
All NSS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.22.2"
All Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.7.0"
All users of the Thunderbird binary package should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.7.0"
All Firefox 38.7.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-38.7.0"
All users of the Firefox 38.7.x binary package should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.7.0"
References
[ 1 ] CVE-2015-2708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708 [ 2 ] CVE-2015-2708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708 [ 3 ] CVE-2015-2709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709 [ 4 ] CVE-2015-2709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709 [ 5 ] CVE-2015-2710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710 [ 6 ] CVE-2015-2710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710 [ 7 ] CVE-2015-2711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711 [ 8 ] CVE-2015-2711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711 [ 9 ] CVE-2015-2712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712 [ 10 ] CVE-2015-2712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712 [ 11 ] CVE-2015-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713 [ 12 ] CVE-2015-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713 [ 13 ] CVE-2015-2714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714 [ 14 ] CVE-2015-2714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714 [ 15 ] CVE-2015-2715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715 [ 16 ] CVE-2015-2715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715 [ 17 ] CVE-2015-2716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716 [ 18 ] CVE-2015-2716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716 [ 19 ] CVE-2015-2717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717 [ 20 ] CVE-2015-2717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717 [ 21 ] CVE-2015-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718 [ 22 ] CVE-2015-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718 [ 23 ] CVE-2015-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473 [ 24 ] CVE-2015-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473 [ 25 ] CVE-2015-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474 [ 26 ] CVE-2015-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474 [ 27 ] CVE-2015-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475 [ 28 ] CVE-2015-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475 [ 29 ] CVE-2015-4477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477 [ 30 ] CVE-2015-4477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477 [ 31 ] CVE-2015-4478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478 [ 32 ] CVE-2015-4478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478 [ 33 ] CVE-2015-4479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479 [ 34 ] CVE-2015-4479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479 [ 35 ] CVE-2015-4480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480 [ 36 ] CVE-2015-4480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480 [ 37 ] CVE-2015-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481 [ 38 ] CVE-2015-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481 [ 39 ] CVE-2015-4482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482 [ 40 ] CVE-2015-4482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482 [ 41 ] CVE-2015-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483 [ 42 ] CVE-2015-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483 [ 43 ] CVE-2015-4484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484 [ 44 ] CVE-2015-4484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484 [ 45 ] CVE-2015-4485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485 [ 46 ] CVE-2015-4485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485 [ 47 ] CVE-2015-4486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486 [ 48 ] CVE-2015-4486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486 [ 49 ] CVE-2015-4487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487 [ 50 ] CVE-2015-4487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487 [ 51 ] CVE-2015-4488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488 [ 52 ] CVE-2015-4488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488 [ 53 ] CVE-2015-4489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489 [ 54 ] CVE-2015-4489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489 [ 55 ] CVE-2015-4490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490 [ 56 ] CVE-2015-4490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490 [ 57 ] CVE-2015-4491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491 [ 58 ] CVE-2015-4491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491 [ 59 ] CVE-2015-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492 [ 60 ] CVE-2015-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492 [ 61 ] CVE-2015-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493 [ 62 ] CVE-2015-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493 [ 63 ] CVE-2015-7181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181 [ 64 ] CVE-2015-7182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182 [ 65 ] CVE-2015-7183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183 [ 66 ] CVE-2016-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523 [ 67 ] CVE-2016-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523 [ 68 ] CVE-2016-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930 [ 69 ] CVE-2016-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930 [ 70 ] CVE-2016-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931 [ 71 ] CVE-2016-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931 [ 72 ] CVE-2016-1933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933 [ 73 ] CVE-2016-1933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933 [ 74 ] CVE-2016-1935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935 [ 75 ] CVE-2016-1935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935 [ 76 ] CVE-2016-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937 [ 77 ] CVE-2016-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937 [ 78 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938 [ 79 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938 [ 80 ] CVE-2016-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939 [ 81 ] CVE-2016-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939 [ 82 ] CVE-2016-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940 [ 83 ] CVE-2016-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940 [ 84 ] CVE-2016-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941 [ 85 ] CVE-2016-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941 [ 86 ] CVE-2016-1942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942 [ 87 ] CVE-2016-1942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942 [ 88 ] CVE-2016-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943 [ 89 ] CVE-2016-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943 [ 90 ] CVE-2016-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944 [ 91 ] CVE-2016-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944 [ 92 ] CVE-2016-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945 [ 93 ] CVE-2016-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945 [ 94 ] CVE-2016-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946 [ 95 ] CVE-2016-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946 [ 96 ] CVE-2016-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947 [ 97 ] CVE-2016-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947 [ 98 ] CVE-2016-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948 [ 99 ] CVE-2016-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948 [ 100 ] CVE-2016-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949 [ 101 ] CVE-2016-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949 [ 102 ] CVE-2016-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950 [ 103 ] CVE-2016-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950 [ 104 ] CVE-2016-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952 [ 105 ] CVE-2016-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952 [ 106 ] CVE-2016-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953 [ 107 ] CVE-2016-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953 [ 108 ] CVE-2016-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954 [ 109 ] CVE-2016-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954 [ 110 ] CVE-2016-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955 [ 111 ] CVE-2016-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955 [ 112 ] CVE-2016-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956 [ 113 ] CVE-2016-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956 [ 114 ] CVE-2016-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957 [ 115 ] CVE-2016-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957 [ 116 ] CVE-2016-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958 [ 117 ] CVE-2016-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958 [ 118 ] CVE-2016-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959 [ 119 ] CVE-2016-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959 [ 120 ] CVE-2016-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960 [ 121 ] CVE-2016-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960 [ 122 ] CVE-2016-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961 [ 123 ] CVE-2016-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961 [ 124 ] CVE-2016-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962 [ 125 ] CVE-2016-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962 [ 126 ] CVE-2016-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963 [ 127 ] CVE-2016-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963 [ 128 ] CVE-2016-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964 [ 129 ] CVE-2016-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964 [ 130 ] CVE-2016-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965 [ 131 ] CVE-2016-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965 [ 132 ] CVE-2016-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966 [ 133 ] CVE-2016-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966 [ 134 ] CVE-2016-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967 [ 135 ] CVE-2016-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967 [ 136 ] CVE-2016-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968 [ 137 ] CVE-2016-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968 [ 138 ] CVE-2016-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969 [ 139 ] CVE-2016-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969 [ 140 ] CVE-2016-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970 [ 141 ] CVE-2016-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970 [ 142 ] CVE-2016-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971 [ 143 ] CVE-2016-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971 [ 144 ] CVE-2016-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972 [ 145 ] CVE-2016-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972 [ 146 ] CVE-2016-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973 [ 147 ] CVE-2016-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973 [ 148 ] CVE-2016-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974 [ 149 ] CVE-2016-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974 [ 150 ] CVE-2016-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975 [ 151 ] CVE-2016-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975 [ 152 ] CVE-2016-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976 [ 153 ] CVE-2016-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976 [ 154 ] CVE-2016-1977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977 [ 155 ] CVE-2016-1977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977 [ 156 ] CVE-2016-1978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978 [ 157 ] CVE-2016-1978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978 [ 158 ] CVE-2016-1979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979 [ 159 ] CVE-2016-1979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979 [ 160 ] CVE-2016-2790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790 [ 161 ] CVE-2016-2790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790 [ 162 ] CVE-2016-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791 [ 163 ] CVE-2016-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791 [ 164 ] CVE-2016-2792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792 [ 165 ] CVE-2016-2792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792 [ 166 ] CVE-2016-2793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793 [ 167 ] CVE-2016-2793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793 [ 168 ] CVE-2016-2794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794 [ 169 ] CVE-2016-2794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794 [ 170 ] CVE-2016-2795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795 [ 171 ] CVE-2016-2795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795 [ 172 ] CVE-2016-2796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796 [ 173 ] CVE-2016-2796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796 [ 174 ] CVE-2016-2797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797 [ 175 ] CVE-2016-2797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797 [ 176 ] CVE-2016-2798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798 [ 177 ] CVE-2016-2798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798 [ 178 ] CVE-2016-2799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799 [ 179 ] CVE-2016-2799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799 [ 180 ] CVE-2016-2800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800 [ 181 ] CVE-2016-2800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800 [ 182 ] CVE-2016-2801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801 [ 183 ] CVE-2016-2801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801 [ 184 ] CVE-2016-2802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802 [ 185 ] CVE-2016-2802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201605-06
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code.
Background
Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an open-source email client, and the Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/nspr < 4.12 >= 4.12 2 dev-libs/nss < 3.22.2 >= 3.22.2 3 mail-client/thunderbird < 38.7.0 >= 38.7.0 4 mail-client/thunderbird-bin < 38.7.0 >= 38.7.0 5 www-client/firefox < 38.7.0 >= 38.7.0 6 www-client/firefox-bin < 38.7.0 >= 38.7.0 ------------------------------------------------------------------- 6 affected packages
Impact
===== A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts.
Workaround
There is no known workaround at this time.