- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201605-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Mozilla Products: Multiple vulnerabilities
     Date: May 31, 2016
     Bugs: #549356, #557590, #559186, #561246, #563230, #564834,
           #573074, #574596, #576862
       ID: 201605-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in Firefox, Thunderbird,
Network Security Services (NSS), and NetScape Portable Runtime (NSPR)
with the worst of which may allow remote execution of arbitrary code.

Background
=========
Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an
open-source email client, and the Network Security Service (NSS) is a
library implementing security features like SSL v.2/v.3, TLS, PKCS #5,
PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.  The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as
'Mozilla Application Suite'.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/nspr                 < 4.12                     >= 4.12
  2  dev-libs/nss                 < 3.22.2                  >= 3.22.2
  3  mail-client/thunderbird      < 38.7.0                  >= 38.7.0
  4  mail-client/thunderbird-bin
                                  < 38.7.0                  >= 38.7.0
  5  www-client/firefox           < 38.7.0                  >= 38.7.0
  6  www-client/firefox-bin       < 38.7.0                  >= 38.7.0
    -------------------------------------------------------------------
     6 affected packages

Description
==========
Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR,
and Thunderbird. Please review the CVE identifiers referenced below for
details.

Impact
=====
A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information,
spoof the address bar, conduct clickjacking attacks, bypass security
restrictions and protection mechanisms, or have other unspecified
impacts.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All NSS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.22.2"

All Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.7.0"

All users of the Thunderbird binary package should upgrade to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.7.0"

All Firefox 38.7.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-38.7.0"

All users of the Firefox 38.7.x binary package should upgrade to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.7.0"

References
=========
[   1 ] CVE-2015-2708
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708
[   2 ] CVE-2015-2708
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708
[   3 ] CVE-2015-2709
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709
[   4 ] CVE-2015-2709
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709
[   5 ] CVE-2015-2710
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710
[   6 ] CVE-2015-2710
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710
[   7 ] CVE-2015-2711
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711
[   8 ] CVE-2015-2711
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711
[   9 ] CVE-2015-2712
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712
[  10 ] CVE-2015-2712
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712
[  11 ] CVE-2015-2713
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713
[  12 ] CVE-2015-2713
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713
[  13 ] CVE-2015-2714
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714
[  14 ] CVE-2015-2714
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714
[  15 ] CVE-2015-2715
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715
[  16 ] CVE-2015-2715
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715
[  17 ] CVE-2015-2716
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716
[  18 ] CVE-2015-2716
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716
[  19 ] CVE-2015-2717
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717
[  20 ] CVE-2015-2717
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717
[  21 ] CVE-2015-2718
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718
[  22 ] CVE-2015-2718
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718
[  23 ] CVE-2015-4473
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473
[  24 ] CVE-2015-4473
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473
[  25 ] CVE-2015-4474
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474
[  26 ] CVE-2015-4474
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474
[  27 ] CVE-2015-4475
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475
[  28 ] CVE-2015-4475
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475
[  29 ] CVE-2015-4477
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477
[  30 ] CVE-2015-4477
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477
[  31 ] CVE-2015-4478
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478
[  32 ] CVE-2015-4478
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478
[  33 ] CVE-2015-4479
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479
[  34 ] CVE-2015-4479
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479
[  35 ] CVE-2015-4480
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480
[  36 ] CVE-2015-4480
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480
[  37 ] CVE-2015-4481
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481
[  38 ] CVE-2015-4481
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481
[  39 ] CVE-2015-4482
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482
[  40 ] CVE-2015-4482
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482
[  41 ] CVE-2015-4483
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483
[  42 ] CVE-2015-4483
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483
[  43 ] CVE-2015-4484
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484
[  44 ] CVE-2015-4484
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484
[  45 ] CVE-2015-4485
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485
[  46 ] CVE-2015-4485
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485
[  47 ] CVE-2015-4486
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486
[  48 ] CVE-2015-4486
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486
[  49 ] CVE-2015-4487
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487
[  50 ] CVE-2015-4487
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487
[  51 ] CVE-2015-4488
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488
[  52 ] CVE-2015-4488
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488
[  53 ] CVE-2015-4489
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489
[  54 ] CVE-2015-4489
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489
[  55 ] CVE-2015-4490
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490
[  56 ] CVE-2015-4490
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490
[  57 ] CVE-2015-4491
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491
[  58 ] CVE-2015-4491
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491
[  59 ] CVE-2015-4492
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492
[  60 ] CVE-2015-4492
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492
[  61 ] CVE-2015-4493
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493
[  62 ] CVE-2015-4493
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493
[  63 ] CVE-2015-7181
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181
[  64 ] CVE-2015-7182
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182
[  65 ] CVE-2015-7183
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183
[  66 ] CVE-2016-1523
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523
[  67 ] CVE-2016-1523
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523
[  68 ] CVE-2016-1930
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930
[  69 ] CVE-2016-1930
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930
[  70 ] CVE-2016-1931
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931
[  71 ] CVE-2016-1931
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931
[  72 ] CVE-2016-1933
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933
[  73 ] CVE-2016-1933
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933
[  74 ] CVE-2016-1935
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935
[  75 ] CVE-2016-1935
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935
[  76 ] CVE-2016-1937
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937
[  77 ] CVE-2016-1937
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937
[  78 ] CVE-2016-1938
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938
[  79 ] CVE-2016-1938
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938
[  80 ] CVE-2016-1939
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939
[  81 ] CVE-2016-1939
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939
[  82 ] CVE-2016-1940
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940
[  83 ] CVE-2016-1940
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940
[  84 ] CVE-2016-1941
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941
[  85 ] CVE-2016-1941
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941
[  86 ] CVE-2016-1942
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942
[  87 ] CVE-2016-1942
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942
[  88 ] CVE-2016-1943
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943
[  89 ] CVE-2016-1943
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943
[  90 ] CVE-2016-1944
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944
[  91 ] CVE-2016-1944
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944
[  92 ] CVE-2016-1945
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945
[  93 ] CVE-2016-1945
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945
[  94 ] CVE-2016-1946
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946
[  95 ] CVE-2016-1946
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946
[  96 ] CVE-2016-1947
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947
[  97 ] CVE-2016-1947
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947
[  98 ] CVE-2016-1948
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948
[  99 ] CVE-2016-1948
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948
[ 100 ] CVE-2016-1949
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949
[ 101 ] CVE-2016-1949
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949
[ 102 ] CVE-2016-1950
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950
[ 103 ] CVE-2016-1950
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950
[ 104 ] CVE-2016-1952
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952
[ 105 ] CVE-2016-1952
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952
[ 106 ] CVE-2016-1953
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953
[ 107 ] CVE-2016-1953
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953
[ 108 ] CVE-2016-1954
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954
[ 109 ] CVE-2016-1954
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954
[ 110 ] CVE-2016-1955
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955
[ 111 ] CVE-2016-1955
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955
[ 112 ] CVE-2016-1956
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956
[ 113 ] CVE-2016-1956
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956
[ 114 ] CVE-2016-1957
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957
[ 115 ] CVE-2016-1957
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957
[ 116 ] CVE-2016-1958
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958
[ 117 ] CVE-2016-1958
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958
[ 118 ] CVE-2016-1959
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959
[ 119 ] CVE-2016-1959
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959
[ 120 ] CVE-2016-1960
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960
[ 121 ] CVE-2016-1960
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960
[ 122 ] CVE-2016-1961
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961
[ 123 ] CVE-2016-1961
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961
[ 124 ] CVE-2016-1962
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962
[ 125 ] CVE-2016-1962
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962
[ 126 ] CVE-2016-1963
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963
[ 127 ] CVE-2016-1963
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963
[ 128 ] CVE-2016-1964
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964
[ 129 ] CVE-2016-1964
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964
[ 130 ] CVE-2016-1965
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965
[ 131 ] CVE-2016-1965
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965
[ 132 ] CVE-2016-1966
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966
[ 133 ] CVE-2016-1966
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966
[ 134 ] CVE-2016-1967
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967
[ 135 ] CVE-2016-1967
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967
[ 136 ] CVE-2016-1968
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968
[ 137 ] CVE-2016-1968
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968
[ 138 ] CVE-2016-1969
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969
[ 139 ] CVE-2016-1969
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969
[ 140 ] CVE-2016-1970
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970
[ 141 ] CVE-2016-1970
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970
[ 142 ] CVE-2016-1971
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971
[ 143 ] CVE-2016-1971
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971
[ 144 ] CVE-2016-1972
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972
[ 145 ] CVE-2016-1972
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972
[ 146 ] CVE-2016-1973
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973
[ 147 ] CVE-2016-1973
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973
[ 148 ] CVE-2016-1974
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974
[ 149 ] CVE-2016-1974
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974
[ 150 ] CVE-2016-1975
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975
[ 151 ] CVE-2016-1975
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975
[ 152 ] CVE-2016-1976
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976
[ 153 ] CVE-2016-1976
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976
[ 154 ] CVE-2016-1977
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977
[ 155 ] CVE-2016-1977
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977
[ 156 ] CVE-2016-1978
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978
[ 157 ] CVE-2016-1978
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978
[ 158 ] CVE-2016-1979
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979
[ 159 ] CVE-2016-1979
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979
[ 160 ] CVE-2016-2790
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790
[ 161 ] CVE-2016-2790
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790
[ 162 ] CVE-2016-2791
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791
[ 163 ] CVE-2016-2791
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791
[ 164 ] CVE-2016-2792
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792
[ 165 ] CVE-2016-2792
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792
[ 166 ] CVE-2016-2793
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793
[ 167 ] CVE-2016-2793
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793
[ 168 ] CVE-2016-2794
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794
[ 169 ] CVE-2016-2794
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794
[ 170 ] CVE-2016-2795
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795
[ 171 ] CVE-2016-2795
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795
[ 172 ] CVE-2016-2796
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796
[ 173 ] CVE-2016-2796
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796
[ 174 ] CVE-2016-2797
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797
[ 175 ] CVE-2016-2797
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797
[ 176 ] CVE-2016-2798
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798
[ 177 ] CVE-2016-2798
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798
[ 178 ] CVE-2016-2799
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799
[ 179 ] CVE-2016-2799
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799
[ 180 ] CVE-2016-2800
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800
[ 181 ] CVE-2016-2800
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800
[ 182 ] CVE-2016-2801
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801
[ 183 ] CVE-2016-2801
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801
[ 184 ] CVE-2016-2802
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802
[ 185 ] CVE-2016-2802
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201605-06

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-201605-06: Mozilla Products: Multiple vulnerabilities

Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote exe...

Summary

Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details.

Resolution

All NSS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.22.2"
All Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.7.0"
All users of the Thunderbird binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.7.0"
All Firefox 38.7.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-38.7.0"
All users of the Firefox 38.7.x binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.7.0"

References

[ 1 ] CVE-2015-2708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708 [ 2 ] CVE-2015-2708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708 [ 3 ] CVE-2015-2709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709 [ 4 ] CVE-2015-2709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709 [ 5 ] CVE-2015-2710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710 [ 6 ] CVE-2015-2710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710 [ 7 ] CVE-2015-2711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711 [ 8 ] CVE-2015-2711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711 [ 9 ] CVE-2015-2712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712 [ 10 ] CVE-2015-2712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712 [ 11 ] CVE-2015-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713 [ 12 ] CVE-2015-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713 [ 13 ] CVE-2015-2714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714 [ 14 ] CVE-2015-2714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714 [ 15 ] CVE-2015-2715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715 [ 16 ] CVE-2015-2715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715 [ 17 ] CVE-2015-2716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716 [ 18 ] CVE-2015-2716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716 [ 19 ] CVE-2015-2717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717 [ 20 ] CVE-2015-2717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717 [ 21 ] CVE-2015-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718 [ 22 ] CVE-2015-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718 [ 23 ] CVE-2015-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473 [ 24 ] CVE-2015-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473 [ 25 ] CVE-2015-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474 [ 26 ] CVE-2015-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474 [ 27 ] CVE-2015-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475 [ 28 ] CVE-2015-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475 [ 29 ] CVE-2015-4477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477 [ 30 ] CVE-2015-4477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477 [ 31 ] CVE-2015-4478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478 [ 32 ] CVE-2015-4478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478 [ 33 ] CVE-2015-4479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479 [ 34 ] CVE-2015-4479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479 [ 35 ] CVE-2015-4480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480 [ 36 ] CVE-2015-4480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480 [ 37 ] CVE-2015-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481 [ 38 ] CVE-2015-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481 [ 39 ] CVE-2015-4482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482 [ 40 ] CVE-2015-4482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482 [ 41 ] CVE-2015-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483 [ 42 ] CVE-2015-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483 [ 43 ] CVE-2015-4484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484 [ 44 ] CVE-2015-4484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484 [ 45 ] CVE-2015-4485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485 [ 46 ] CVE-2015-4485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485 [ 47 ] CVE-2015-4486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486 [ 48 ] CVE-2015-4486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486 [ 49 ] CVE-2015-4487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487 [ 50 ] CVE-2015-4487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487 [ 51 ] CVE-2015-4488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488 [ 52 ] CVE-2015-4488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488 [ 53 ] CVE-2015-4489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489 [ 54 ] CVE-2015-4489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489 [ 55 ] CVE-2015-4490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490 [ 56 ] CVE-2015-4490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490 [ 57 ] CVE-2015-4491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491 [ 58 ] CVE-2015-4491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491 [ 59 ] CVE-2015-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492 [ 60 ] CVE-2015-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492 [ 61 ] CVE-2015-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493 [ 62 ] CVE-2015-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493 [ 63 ] CVE-2015-7181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181 [ 64 ] CVE-2015-7182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182 [ 65 ] CVE-2015-7183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183 [ 66 ] CVE-2016-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523 [ 67 ] CVE-2016-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523 [ 68 ] CVE-2016-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930 [ 69 ] CVE-2016-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930 [ 70 ] CVE-2016-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931 [ 71 ] CVE-2016-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931 [ 72 ] CVE-2016-1933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933 [ 73 ] CVE-2016-1933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933 [ 74 ] CVE-2016-1935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935 [ 75 ] CVE-2016-1935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935 [ 76 ] CVE-2016-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937 [ 77 ] CVE-2016-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937 [ 78 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938 [ 79 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938 [ 80 ] CVE-2016-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939 [ 81 ] CVE-2016-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939 [ 82 ] CVE-2016-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940 [ 83 ] CVE-2016-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940 [ 84 ] CVE-2016-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941 [ 85 ] CVE-2016-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941 [ 86 ] CVE-2016-1942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942 [ 87 ] CVE-2016-1942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942 [ 88 ] CVE-2016-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943 [ 89 ] CVE-2016-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943 [ 90 ] CVE-2016-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944 [ 91 ] CVE-2016-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944 [ 92 ] CVE-2016-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945 [ 93 ] CVE-2016-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945 [ 94 ] CVE-2016-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946 [ 95 ] CVE-2016-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946 [ 96 ] CVE-2016-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947 [ 97 ] CVE-2016-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947 [ 98 ] CVE-2016-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948 [ 99 ] CVE-2016-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948 [ 100 ] CVE-2016-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949 [ 101 ] CVE-2016-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949 [ 102 ] CVE-2016-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950 [ 103 ] CVE-2016-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950 [ 104 ] CVE-2016-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952 [ 105 ] CVE-2016-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952 [ 106 ] CVE-2016-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953 [ 107 ] CVE-2016-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953 [ 108 ] CVE-2016-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954 [ 109 ] CVE-2016-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954 [ 110 ] CVE-2016-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955 [ 111 ] CVE-2016-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955 [ 112 ] CVE-2016-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956 [ 113 ] CVE-2016-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956 [ 114 ] CVE-2016-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957 [ 115 ] CVE-2016-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957 [ 116 ] CVE-2016-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958 [ 117 ] CVE-2016-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958 [ 118 ] CVE-2016-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959 [ 119 ] CVE-2016-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959 [ 120 ] CVE-2016-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960 [ 121 ] CVE-2016-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960 [ 122 ] CVE-2016-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961 [ 123 ] CVE-2016-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961 [ 124 ] CVE-2016-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962 [ 125 ] CVE-2016-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962 [ 126 ] CVE-2016-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963 [ 127 ] CVE-2016-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963 [ 128 ] CVE-2016-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964 [ 129 ] CVE-2016-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964 [ 130 ] CVE-2016-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965 [ 131 ] CVE-2016-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965 [ 132 ] CVE-2016-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966 [ 133 ] CVE-2016-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966 [ 134 ] CVE-2016-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967 [ 135 ] CVE-2016-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967 [ 136 ] CVE-2016-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968 [ 137 ] CVE-2016-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968 [ 138 ] CVE-2016-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969 [ 139 ] CVE-2016-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969 [ 140 ] CVE-2016-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970 [ 141 ] CVE-2016-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970 [ 142 ] CVE-2016-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971 [ 143 ] CVE-2016-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971 [ 144 ] CVE-2016-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972 [ 145 ] CVE-2016-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972 [ 146 ] CVE-2016-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973 [ 147 ] CVE-2016-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973 [ 148 ] CVE-2016-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974 [ 149 ] CVE-2016-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974 [ 150 ] CVE-2016-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975 [ 151 ] CVE-2016-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975 [ 152 ] CVE-2016-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976 [ 153 ] CVE-2016-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976 [ 154 ] CVE-2016-1977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977 [ 155 ] CVE-2016-1977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977 [ 156 ] CVE-2016-1978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978 [ 157 ] CVE-2016-1978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978 [ 158 ] CVE-2016-1979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979 [ 159 ] CVE-2016-1979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979 [ 160 ] CVE-2016-2790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790 [ 161 ] CVE-2016-2790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790 [ 162 ] CVE-2016-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791 [ 163 ] CVE-2016-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791 [ 164 ] CVE-2016-2792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792 [ 165 ] CVE-2016-2792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792 [ 166 ] CVE-2016-2793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793 [ 167 ] CVE-2016-2793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793 [ 168 ] CVE-2016-2794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794 [ 169 ] CVE-2016-2794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794 [ 170 ] CVE-2016-2795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795 [ 171 ] CVE-2016-2795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795 [ 172 ] CVE-2016-2796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796 [ 173 ] CVE-2016-2796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796 [ 174 ] CVE-2016-2797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797 [ 175 ] CVE-2016-2797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797 [ 176 ] CVE-2016-2798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798 [ 177 ] CVE-2016-2798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798 [ 178 ] CVE-2016-2799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799 [ 179 ] CVE-2016-2799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799 [ 180 ] CVE-2016-2800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800 [ 181 ] CVE-2016-2800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800 [ 182 ] CVE-2016-2801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801 [ 183 ] CVE-2016-2801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801 [ 184 ] CVE-2016-2802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802 [ 185 ] CVE-2016-2802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201605-06

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: Mozilla Products: Multiple vulnerabilities
Date: May 31, 2016
Bugs: #549356, #557590, #559186, #561246, #563230, #564834,
ID: 201605-06

Synopsis

Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code.

Background

Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an open-source email client, and the Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/nspr < 4.12 >= 4.12 2 dev-libs/nss < 3.22.2 >= 3.22.2 3 mail-client/thunderbird < 38.7.0 >= 38.7.0 4 mail-client/thunderbird-bin < 38.7.0 >= 38.7.0 5 www-client/firefox < 38.7.0 >= 38.7.0 6 www-client/firefox-bin < 38.7.0 >= 38.7.0 ------------------------------------------------------------------- 6 affected packages

Impact

===== A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts.

Workaround

There is no known workaround at this time.

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved