- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201504-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Products: Multiple vulnerabilities Date: April 07, 2015 Bugs: #489796, #491234, #493850, #500320, #505072, #509050, #512896, #517876, #522020, #523652, #525474, #531408, #536564, #541316, #544056 ID: 201504-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. Background ========== Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla Application Suite’. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/firefox < 31.5.3 >= 31.5.3 2 www-client/firefox-bin < 31.5.3 >= 31.5.3 3 mail-client/thunderbird < 31.5.0 >= 31.5.0 4 mail-client/thunderbird-bin < 31.5.0 >= 31.5.0 5 www-client/seamonkey < 2.33.1 >= 2.33.1 6 www-client/seamonkey-bin < 2.33.1 >= 2.33.1 7 dev-libs/nspr < 4.10.6 >= 4.10.6 ------------------------------------------------------------------- 7 affected packages Description =========== Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround ========== There are no known workarounds at this time. Resolution ========== All firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-31.5.3" All firefox-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-31.5.3" All thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-31.5.0" All thunderbird-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-31.5.0" All seamonkey users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.33.1" All seamonkey-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/seamonkey-bin-2.33.1" All nspr users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nspr-4.10.6" References ========== [ 1 ] CVE-2013-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741 [ 2 ] CVE-2013-2566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566 [ 3 ] CVE-2013-5590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5590 [ 4 ] CVE-2013-5591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5591 [ 5 ] CVE-2013-5592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5592 [ 6 ] CVE-2013-5593 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5593 [ 7 ] CVE-2013-5595 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5595 [ 8 ] CVE-2013-5596 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5596 [ 9 ] CVE-2013-5597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5597 [ 10 ] CVE-2013-5598 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5598 [ 11 ] CVE-2013-5599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5599 [ 12 ] CVE-2013-5600 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5600 [ 13 ] CVE-2013-5601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5601 [ 14 ] CVE-2013-5602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5602 [ 15 ] CVE-2013-5603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5603 [ 16 ] CVE-2013-5604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5604 [ 17 ] CVE-2013-5605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605 [ 18 ] CVE-2013-5606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606 [ 19 ] CVE-2013-5607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607 [ 20 ] CVE-2013-5609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609 [ 21 ] CVE-2013-5610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610 [ 22 ] CVE-2013-5612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612 [ 23 ] CVE-2013-5613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613 [ 24 ] CVE-2013-5614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614 [ 25 ] CVE-2013-5615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615 [ 26 ] CVE-2013-5616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616 [ 27 ] CVE-2013-5618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618 [ 28 ] CVE-2013-5619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619 [ 29 ] CVE-2013-6671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671 [ 30 ] CVE-2013-6672 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672 [ 31 ] CVE-2013-6673 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673 [ 32 ] CVE-2014-1477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1477 [ 33 ] CVE-2014-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1478 [ 34 ] CVE-2014-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1479 [ 35 ] CVE-2014-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1480 [ 36 ] CVE-2014-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1481 [ 37 ] CVE-2014-1482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1482 [ 38 ] CVE-2014-1483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1483 [ 39 ] CVE-2014-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1485 [ 40 ] CVE-2014-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1486 [ 41 ] CVE-2014-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1487 [ 42 ] CVE-2014-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1488 [ 43 ] CVE-2014-1489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1489 [ 44 ] CVE-2014-1490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1490 [ 45 ] CVE-2014-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1491 [ 46 ] CVE-2014-1492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1492 [ 47 ] CVE-2014-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493 [ 48 ] CVE-2014-1494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494 [ 49 ] CVE-2014-1496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496 [ 50 ] CVE-2014-1497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497 [ 51 ] CVE-2014-1498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498 [ 52 ] CVE-2014-1499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499 [ 53 ] CVE-2014-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500 [ 54 ] CVE-2014-1502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502 [ 55 ] CVE-2014-1505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505 [ 56 ] CVE-2014-1508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508 [ 57 ] CVE-2014-1509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509 [ 58 ] CVE-2014-1510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510 [ 59 ] CVE-2014-1511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511 [ 60 ] CVE-2014-1512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512 [ 61 ] CVE-2014-1513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513 [ 62 ] CVE-2014-1514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514 [ 63 ] CVE-2014-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1518 [ 64 ] CVE-2014-1519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1519 [ 65 ] CVE-2014-1520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1520 [ 66 ] CVE-2014-1522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1522 [ 67 ] CVE-2014-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1523 [ 68 ] CVE-2014-1524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1524 [ 69 ] CVE-2014-1525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1525 [ 70 ] CVE-2014-1526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1526 [ 71 ] CVE-2014-1529 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1529 [ 72 ] CVE-2014-1530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1530 [ 73 ] CVE-2014-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1531 [ 74 ] CVE-2014-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1532 [ 75 ] CVE-2014-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533 [ 76 ] CVE-2014-1534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534 [ 77 ] CVE-2014-1536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536 [ 78 ] CVE-2014-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537 [ 79 ] CVE-2014-1538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538 [ 80 ] CVE-2014-1539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539 [ 81 ] CVE-2014-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540 [ 82 ] CVE-2014-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541 [ 83 ] CVE-2014-1542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542 [ 84 ] CVE-2014-1543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543 [ 85 ] CVE-2014-1544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1544 [ 86 ] CVE-2014-1545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545 [ 87 ] CVE-2014-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1547 [ 88 ] CVE-2014-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1548 [ 89 ] CVE-2014-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1549 [ 90 ] CVE-2014-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1550 [ 91 ] CVE-2014-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1551 [ 92 ] CVE-2014-1552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1552 [ 93 ] CVE-2014-1553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1553 [ 94 ] CVE-2014-1554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1554 [ 95 ] CVE-2014-1555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1555 [ 96 ] CVE-2014-1556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1556 [ 97 ] CVE-2014-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1557 [ 98 ] CVE-2014-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1558 [ 99 ] CVE-2014-1559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1559 [ 100 ] CVE-2014-1560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1560 [ 101 ] CVE-2014-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1561 [ 102 ] CVE-2014-1562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1562 [ 103 ] CVE-2014-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1563 [ 104 ] CVE-2014-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1564 [ 105 ] CVE-2014-1565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1565 [ 106 ] CVE-2014-1566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1566 [ 107 ] CVE-2014-1567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1567 [ 108 ] CVE-2014-1568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1568 [ 109 ] CVE-2014-1574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1574 [ 110 ] CVE-2014-1575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1575 [ 111 ] CVE-2014-1576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1576 [ 112 ] CVE-2014-1577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1577 [ 113 ] CVE-2014-1578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1578 [ 114 ] CVE-2014-1580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1580 [ 115 ] CVE-2014-1581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1581 [ 116 ] CVE-2014-1582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1582 [ 117 ] CVE-2014-1583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1583 [ 118 ] CVE-2014-1584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1584 [ 119 ] CVE-2014-1585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1585 [ 120 ] CVE-2014-1586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1586 [ 121 ] CVE-2014-1587 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1587 [ 122 ] CVE-2014-1588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1588 [ 123 ] CVE-2014-1589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1589 [ 124 ] CVE-2014-1590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1590 [ 125 ] CVE-2014-1591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1591 [ 126 ] CVE-2014-1592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1592 [ 127 ] CVE-2014-1593 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1593 [ 128 ] CVE-2014-1594 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1594 [ 129 ] CVE-2014-5369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5369 [ 130 ] CVE-2014-8631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8631 [ 131 ] CVE-2014-8632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8632 [ 132 ] CVE-2014-8634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634 [ 133 ] CVE-2014-8635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635 [ 134 ] CVE-2014-8636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636 [ 135 ] CVE-2014-8637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637 [ 136 ] CVE-2014-8638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638 [ 137 ] CVE-2014-8639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639 [ 138 ] CVE-2014-8640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640 [ 139 ] CVE-2014-8641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641 [ 140 ] CVE-2014-8642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642 [ 141 ] CVE-2015-0817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0817 [ 142 ] CVE-2015-0818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0818 [ 143 ] CVE-2015-0819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819 [ 144 ] CVE-2015-0820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820 [ 145 ] CVE-2015-0821 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821 [ 146 ] CVE-2015-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822 [ 147 ] CVE-2015-0823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823 [ 148 ] CVE-2015-0824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824 [ 149 ] CVE-2015-0825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825 [ 150 ] CVE-2015-0826 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826 [ 151 ] CVE-2015-0827 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827 [ 152 ] CVE-2015-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828 [ 153 ] CVE-2015-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829 [ 154 ] CVE-2015-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830 [ 155 ] CVE-2015-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831 [ 156 ] CVE-2015-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832 [ 157 ] CVE-2015-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833 [ 158 ] CVE-2015-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834 [ 159 ] CVE-2015-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835 [ 160 ] CVE-2015-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836 [ 161 ] VE-2014-1504 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201504-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5