[gentoo-announce] [ GLSA 201309-23 ] Mozilla Products: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 201309-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

http://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Severity: High

Title: Mozilla Products: Multiple vulnerabilities

Date: September 27, 2013

Bugs: #450940, #458390, #460818, #464226, #469868, #474758, #479968, #485258

ID: 201309-23

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Synopsis

========

 

Multiple vulnerabilities have been found in Mozilla Firefox,

Thunderbird, and SeaMonkey, some of which may allow a remote user to

execute arbitrary code.

 

Background

==========

 

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird

an open-source email client, both from the Mozilla Project. The

SeaMonkey project is a community effort to deliver production-quality

releases of code derived from the application formerly known as the

'Mozilla Application Suite'.

 

Affected packages

=================

 

-------------------------------------------------------------------
    Package                      /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 1  mail-client/thunderbird         < 17.0.9       >= 17.0.9
 2  www-client/firefox              < 17.0.9       >= 17.0.9
 3  www-client/seamonkey            < 2.21         >= 2.21
 4  mail-client/thunderbird-bin     < 17.0.9       >= 17.0.9
 5  www-client/firefox-bin          < 17.0.9       >= 17.0.9
 6  www-client/seamonkey-bin        < 2.21         >= 2.21
-------------------------------------------------------------------
6 affected packages

 

Description

===========

 

Multiple vulnerabilities have been discovered in Mozilla Firefox,

Thunderbird, and SeaMonkey. Please review the CVE identifiers

referenced below for details.

 

Impact

======

 

A remote attacker could entice a user to view a specially crafted web

page or email, possibly resulting in execution of arbitrary code or a

Denial of Service condition. Further, a remote attacker could conduct

XSS attacks, spoof URLs, bypass address space layout randomization,

conduct clickjacking attacks, obtain potentially sensitive information,

bypass access restrictions, modify the local filesystem, or conduct

other unspecified attacks.

 

Workaround

==========

 

There is no known workaround at this time.

 

Resolution

==========

 

All Mozilla Firefox users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9"

 

All users of the Mozilla Firefox binary package should upgrade to the

latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9"

 

All Mozilla Thunderbird users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9"

 

All users of the Mozilla Thunderbird binary package should upgrade to

the latest version:

 

# emerge --sync

# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-17.0.9"

 

All SeaMonkey users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21"

 

All users of the Mozilla SeaMonkey binary package should upgrade to the

latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21"
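
To find which hosts still need the upgrades above, an inventory of installed package atoms can be checked against the fixed versions in the "Affected packages" table. The script below is an added example, not part of the advisory; the function names and the sample inventory are constructed for illustration, and it only handles dotted numeric versions with an optional -rN revision.

```shell
# Fixed versions from the advisory's "Affected packages" table.
glsa_fixed() {
    cat <<'EOF'
mail-client/thunderbird 17.0.9
www-client/firefox 17.0.9
www-client/seamonkey 2.21
mail-client/thunderbird-bin 17.0.9
www-client/firefox-bin 17.0.9
www-client/seamonkey-bin 2.21
EOF
}

# ver_lt A B: succeed if dotted numeric version A is lower than B.
# Simplification: Gentoo suffixes such as _rc or _p are not handled.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Read "category/name-version[-rN]" atoms on stdin, print the vulnerable ones.
glsa_vulnerable() {
    while read -r atom; do
        base=$(printf '%s\n' "$atom" | sed -E 's/-r[0-9]+$//')
        name=${base%-*}
        ver=${base##*-}
        fixed=$(glsa_fixed | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue
        if ver_lt "$ver" "$fixed"; then
            printf '%s (fixed in %s)\n' "$atom" "$fixed"
        fi
    done
}

# Constructed sample inventory (not from a real host).
sample_inventory() {
    printf '%s\n' www-client/firefox-17.0.8 mail-client/thunderbird-bin-17.0.9 \
        www-client/seamonkey-2.20-r1 www-client/firefox-bin-24.0 app-editors/vim-7.4.22
}

sample_inventory | glsa_vulnerable
```

Packages not named in the advisory are skipped, and a version equal to the fixed one is reported as unaffected.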

 

References

==========

 

[ 1 ] CVE-2013-0744

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744

[ 2 ] CVE-2013-0745

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745

[ 3 ] CVE-2013-0746

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746

[ 4 ] CVE-2013-0747

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747

[ 5 ] CVE-2013-0748

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748

[ 6 ] CVE-2013-0749

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749

[ 7 ] CVE-2013-0750

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750

[ 8 ] CVE-2013-0751

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751

[ 9 ] CVE-2013-0752

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752

[ 10 ] CVE-2013-0753

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753

[ 11 ] CVE-2013-0754

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754

[ 12 ] CVE-2013-0755

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755

[ 13 ] CVE-2013-0756

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756

[ 14 ] CVE-2013-0757

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757

[ 15 ] CVE-2013-0758

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758

[ 16 ] CVE-2013-0759

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759

[ 17 ] CVE-2013-0760

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760

[ 18 ] CVE-2013-0761

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761

[ 19 ] CVE-2013-0762

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762

[ 20 ] CVE-2013-0763

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763

[ 21 ] CVE-2013-0764

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764

[ 22 ] CVE-2013-0765

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0765

[ 23 ] CVE-2013-0766

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766

[ 24 ] CVE-2013-0767

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767

[ 25 ] CVE-2013-0768

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768

[ 26 ] CVE-2013-0769

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769

[ 27 ] CVE-2013-0770

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770

[ 28 ] CVE-2013-0771

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771

[ 29 ] CVE-2013-0772

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0772

[ 30 ] CVE-2013-0773

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0773

[ 31 ] CVE-2013-0774

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0774

[ 32 ] CVE-2013-0775

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0775

[ 33 ] CVE-2013-0776

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0776

[ 34 ] CVE-2013-0777

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0777

[ 35 ] CVE-2013-0778

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0778

[ 36 ] CVE-2013-0779

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0779

[ 37 ] CVE-2013-0780

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0780

[ 38 ] CVE-2013-0781

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0781

[ 39 ] CVE-2013-0782

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0782

[ 40 ] CVE-2013-0783

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0783

[ 41 ] CVE-2013-0784

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0784

[ 42 ] CVE-2013-0787

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0787

[ 43 ] CVE-2013-0788

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0788

[ 44 ] CVE-2013-0789

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0789

[ 45 ] CVE-2013-0791

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0791

[ 46 ] CVE-2013-0792

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0792

[ 47 ] CVE-2013-0793

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0793

[ 48 ] CVE-2013-0794

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0794

[ 49 ] CVE-2013-0795

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0795

[ 50 ] CVE-2013-0796

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0796

[ 51 ] CVE-2013-0797

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0797

[ 52 ] CVE-2013-0799

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0799

[ 53 ] CVE-2013-0800

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0800

[ 54 ] CVE-2013-0801

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801

[ 55 ] CVE-2013-1670

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670

[ 56 ] CVE-2013-1671

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671

[ 57 ] CVE-2013-1674

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674

[ 58 ] CVE-2013-1675

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675

[ 59 ] CVE-2013-1676

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676

[ 60 ] CVE-2013-1677

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677

[ 61 ] CVE-2013-1678

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678

[ 62 ] CVE-2013-1679

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679

[ 63 ] CVE-2013-1680

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680

[ 64 ] CVE-2013-1681

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681

[ 65 ] CVE-2013-1682

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1682

[ 66 ] CVE-2013-1684

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1684

[ 67 ] CVE-2013-1687

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1687

[ 68 ] CVE-2013-1690

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1690

[ 69 ] CVE-2013-1692

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1692

[ 70 ] CVE-2013-1693

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1693

[ 71 ] CVE-2013-1694

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1694

[ 72 ] CVE-2013-1697

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1697

[ 73 ] CVE-2013-1701

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1701

[ 74 ] CVE-2013-1702

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1702

[ 75 ] CVE-2013-1704

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1704

[ 76 ] CVE-2013-1705

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1705

[ 77 ] CVE-2013-1707

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1707

[ 78 ] CVE-2013-1708

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1708

[ 79 ] CVE-2013-1709

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1709

[ 80 ] CVE-2013-1710

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1710

[ 81 ] CVE-2013-1711

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1711

[ 82 ] CVE-2013-1712

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1712

[ 83 ] CVE-2013-1713

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1713

[ 84 ] CVE-2013-1714

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1714

[ 85 ] CVE-2013-1717

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1717

[ 86 ] CVE-2013-1718

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1718

[ 87 ] CVE-2013-1719

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1719

[ 88 ] CVE-2013-1720

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1720

[ 89 ] CVE-2013-1722

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1722

[ 90 ] CVE-2013-1723

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1723

[ 91 ] CVE-2013-1724

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1724

[ 92 ] CVE-2013-1725

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1725

[ 93 ] CVE-2013-1726

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1726

[ 94 ] CVE-2013-1728

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1728

[ 95 ] CVE-2013-1730

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1730

[ 96 ] CVE-2013-1732

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1732

[ 97 ] CVE-2013-1735

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1735

[ 98 ] CVE-2013-1736

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1736

[ 99 ] CVE-2013-1737

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1737

[ 100 ] CVE-2013-1738

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1738

 

Availability

============

 

This GLSA and any updates to it are available for viewing at

the Gentoo Security Website:

 

http://security.gentoo.org/glsa/glsa-201309-23.xml

 

Concerns?

=========

 

Security is a primary focus of Gentoo Linux and ensuring the

confidentiality and security of our users' machines is of utmost

importance to us. Any security concerns should be addressed to

security ( -at -) gentoo.org or alternatively, you may file a bug at

https://bugs.gentoo.org.

 

License

=======

 

Copyright 2013 Gentoo Foundation, Inc; referenced text

belongs to its owner(s).

 

The contents of this document are licensed under the

Creative Commons - Attribution / Share Alike license.

 

http://creativecommons.org/licenses/by-sa/2.5

 

 

 
