– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201512-10
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Severity: Normal
Title: Mozilla Products: Multiple vulnerabilities
Date: December 30, 2015
Bugs: #545232, #554036, #556942, #564818, #568376
ID: 201512-10
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Synopsis
========
Multiple vulnerabilities have been found in Mozilla Firefox and
Thunderbird, the worst of which may allow user-assisted execution of
arbitrary code.
Background
==========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project.
Affected packages
=================
——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 www-client/firefox < 38.5.0 >= 38.5.0
2 www-client/firefox-bin < 38.5.0 >= 38.5.0
3 mail-client/thunderbird < 38.5.0 >= 38.5.0
4 mail-client/thunderbird-bin
< 38.5.0 >= 38.5.0
——————————————————————-
4 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Mozilla Firefox and
Mozilla Thunderbird. Please review the CVE identifiers referenced below
for details.
Impact
======
A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Firefox users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot –verbose “>=www-client/firefox-38.5.0”
All Firefox-bin users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot –verbose “>=www-client/firefox-bin-38.5.0”
All Thunderbird users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot –verbose “>=mail-client/thunderbird-38.5.0”
All Thunderbird-bin users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot -v “>=mail-client/thunderbird-bin-38.5.0”
References
==========
[ 1 ] CVE-2015-0798
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0798
[ 2 ] CVE-2015-0799
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0799
[ 3 ] CVE-2015-0801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0801
[ 4 ] CVE-2015-0802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0802
[ 5 ] CVE-2015-0803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0803
[ 6 ] CVE-2015-0804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0804
[ 7 ] CVE-2015-0805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0805
[ 8 ] CVE-2015-0806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0806
[ 9 ] CVE-2015-0807
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0807
[ 10 ] CVE-2015-0808
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0808
[ 11 ] CVE-2015-0810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0810
[ 12 ] CVE-2015-0811
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0811
[ 13 ] CVE-2015-0812
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0812
[ 14 ] CVE-2015-0813
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0813
[ 15 ] CVE-2015-0814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0814
[ 16 ] CVE-2015-0815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0815
[ 17 ] CVE-2015-0816
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0816
[ 18 ] CVE-2015-2706
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2706
[ 19 ] CVE-2015-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721
[ 20 ] CVE-2015-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2722
[ 21 ] CVE-2015-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2724
[ 22 ] CVE-2015-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2725
[ 23 ] CVE-2015-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2726
[ 24 ] CVE-2015-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2727
[ 25 ] CVE-2015-2728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2728
[ 26 ] CVE-2015-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2729
[ 27 ] CVE-2015-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2730
[ 28 ] CVE-2015-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2731
[ 29 ] CVE-2015-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2733
[ 30 ] CVE-2015-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2734
[ 31 ] CVE-2015-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2735
[ 32 ] CVE-2015-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2736
[ 33 ] CVE-2015-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2737
[ 34 ] CVE-2015-2738
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2738
[ 35 ] CVE-2015-2739
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2739
[ 36 ] CVE-2015-2740
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2740
[ 37 ] CVE-2015-2741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2741
[ 38 ] CVE-2015-2742
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2742
[ 39 ] CVE-2015-2743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2743
[ 40 ] CVE-2015-2808
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2808
[ 41 ] CVE-2015-4000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000
[ 42 ] CVE-2015-4495
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4495
[ 43 ] CVE-2015-4513
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4513
[ 44 ] CVE-2015-4514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4514
[ 45 ] CVE-2015-4515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4515
[ 46 ] CVE-2015-4518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4518
[ 47 ] CVE-2015-7181
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181
[ 48 ] CVE-2015-7182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182
[ 49 ] CVE-2015-7183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183
[ 50 ] CVE-2015-7187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7187
[ 51 ] CVE-2015-7188
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7188
[ 52 ] CVE-2015-7189
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7189
[ 53 ] CVE-2015-7191
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7191
[ 54 ] CVE-2015-7192
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7192
[ 55 ] CVE-2015-7193
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7193
[ 56 ] CVE-2015-7194
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7194
[ 57 ] CVE-2015-7195
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7195
[ 58 ] CVE-2015-7196
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7196
[ 59 ] CVE-2015-7197
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7197
[ 60 ] CVE-2015-7198
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7198
[ 61 ] CVE-2015-7199
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7199
[ 62 ] CVE-2015-7200
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7200
[ 63 ] CVE-2015-7201
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7201
[ 64 ] CVE-2015-7202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7202
[ 65 ] CVE-2015-7203
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7203
[ 66 ] CVE-2015-7204
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7204
[ 67 ] CVE-2015-7205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7205
[ 68 ] CVE-2015-7207
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7207
[ 69 ] CVE-2015-7208
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7208
[ 70 ] CVE-2015-7210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7210
[ 71 ] CVE-2015-7211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7211
[ 72 ] CVE-2015-7212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7212
[ 73 ] CVE-2015-7213
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7213
[ 74 ] CVE-2015-7214
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7214
[ 75 ] CVE-2015-7215
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7215
[ 76 ] CVE-2015-7216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7216
[ 77 ] CVE-2015-7217
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7217
[ 78 ] CVE-2015-7218
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7218
[ 79 ] CVE-2015-7219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7219
[ 80 ] CVE-2015-7220
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7220
[ 81 ] CVE-2015-7221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7221
[ 82 ] CVE-2015-7222
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7222
[ 83 ] CVE-2015-7223
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7223
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201512-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – https://gpgtools.org
iQEcBAEBCgAGBQJWg/j3AAoJEDkRiObnjK1y9VoH/1LVlFqlDtFI3qW4i1ZVu5tT
aeGoxB1Z+mGrCs3arlDt3CC8VAR62nNcye9gbgClA4lAUKffLo+JSpxgmGwfiY1m
xgocJLCF3LA9FM95vEsATL5cUgfDSeQkLMqWGDfWJxcC8RDdg1gzYypbjYOfcAib
RQPBvM8GxyVrMQF9WNDvqy2D0Kpi2A15WMQQVHH+r1mAjZbeWTPUkJDbeG8BFbTu
I01Yje+Q3NmbG5NNOBW32kfX86ob4W1AWc5H+RgFpzhsyDpS6IFTSP5H8uhyoxhu
zt+l1FBPFnTFmATfR/Pp9NH/J6P7D2ThaW/6ZAVFz/g5Y+naYXQ2sGdYA++YBI4=
=nOVt
—–END PGP SIGNATURE—–