Mozilla Products: Multiple vulnerabilities
Multiple vulnerabilities have been found in Firefox, Thunderbird,
Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
the worst of which may allow remote execution of arbitrary code.
firefox
2016-05-31
2017-01-20
549356
550288
557590
559186
561246
563230
564834
571086
573074
574596
576862
remote
4.12
4.12
3.22.2
3.22.2
38.7.0
38.7.0
38.7.0
38.7.0
38.7.0
38.7.0
38.7.0
38.7.0
Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an
open-source email client, and the Network Security Service (NSS) is a
library implementing security features like SSL v.2/v.3, TLS, PKCS #5,
PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as
‘Mozilla Application Suite’.
Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and
Thunderbird. Please review the CVE identifiers referenced below for
details.
A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
the address bar, conduct clickjacking attacks, bypass security
restrictions and protection mechanisms, or have other unspecified
impacts.
There is no known workaround at this time.
All NSS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.22.2"
All Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.7.0"
All users of the Thunderbird binary package should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=mail-client/thunderbird-bin-38.7.0"
All Firefox 38.7.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-38.7.0"
All users of the Firefox 38.7.x binary package should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.7.0"
CVE-2015-2708
CVE-2015-2708
CVE-2015-2709
CVE-2015-2709
CVE-2015-2710
CVE-2015-2710
CVE-2015-2711
CVE-2015-2711
CVE-2015-2712
CVE-2015-2712
CVE-2015-2713
CVE-2015-2713
CVE-2015-2714
CVE-2015-2714
CVE-2015-2715
CVE-2015-2715
CVE-2015-2716
CVE-2015-2716
CVE-2015-2717
CVE-2015-2717
CVE-2015-2718
CVE-2015-2718
CVE-2015-2721
CVE-2015-4000
CVE-2015-4473
CVE-2015-4473
CVE-2015-4474
CVE-2015-4474
CVE-2015-4475
CVE-2015-4475
CVE-2015-4477
CVE-2015-4477
CVE-2015-4478
CVE-2015-4478
CVE-2015-4479
CVE-2015-4479
CVE-2015-4480
CVE-2015-4480
CVE-2015-4481
CVE-2015-4481
CVE-2015-4482
CVE-2015-4482
CVE-2015-4483
CVE-2015-4483
CVE-2015-4484
CVE-2015-4484
CVE-2015-4485
CVE-2015-4485
CVE-2015-4486
CVE-2015-4486
CVE-2015-4487
CVE-2015-4487
CVE-2015-4488
CVE-2015-4488
CVE-2015-4489
CVE-2015-4489
CVE-2015-4490
CVE-2015-4490
CVE-2015-4491
CVE-2015-4491
CVE-2015-4492
CVE-2015-4492
CVE-2015-4493
CVE-2015-4493
CVE-2015-7181
CVE-2015-7182
CVE-2015-7183
CVE-2015-7575
CVE-2016-1523
CVE-2016-1523
CVE-2016-1930
CVE-2016-1930
CVE-2016-1931
CVE-2016-1931
CVE-2016-1933
CVE-2016-1933
CVE-2016-1935
CVE-2016-1935
CVE-2016-1937
CVE-2016-1937
CVE-2016-1938
CVE-2016-1938
CVE-2016-1939
CVE-2016-1939
CVE-2016-1940
CVE-2016-1940
CVE-2016-1941
CVE-2016-1941
CVE-2016-1942
CVE-2016-1942
CVE-2016-1943
CVE-2016-1943
CVE-2016-1944
CVE-2016-1944
CVE-2016-1945
CVE-2016-1945
CVE-2016-1946
CVE-2016-1946
CVE-2016-1947
CVE-2016-1947
CVE-2016-1948
CVE-2016-1948
CVE-2016-1949
CVE-2016-1949
CVE-2016-1950
CVE-2016-1950
CVE-2016-1952
CVE-2016-1952
CVE-2016-1953
CVE-2016-1953
CVE-2016-1954
CVE-2016-1954
CVE-2016-1955
CVE-2016-1955
CVE-2016-1956
CVE-2016-1956
CVE-2016-1957
CVE-2016-1957
CVE-2016-1958
CVE-2016-1958
CVE-2016-1959
CVE-2016-1959
CVE-2016-1960
CVE-2016-1960
CVE-2016-1961
CVE-2016-1961
CVE-2016-1962
CVE-2016-1962
CVE-2016-1963
CVE-2016-1963
CVE-2016-1964
CVE-2016-1964
CVE-2016-1965
CVE-2016-1965
CVE-2016-1966
CVE-2016-1966
CVE-2016-1967
CVE-2016-1967
CVE-2016-1968
CVE-2016-1968
CVE-2016-1969
CVE-2016-1969
CVE-2016-1970
CVE-2016-1970
CVE-2016-1971
CVE-2016-1971
CVE-2016-1972
CVE-2016-1972
CVE-2016-1973
CVE-2016-1973
CVE-2016-1974
CVE-2016-1974
CVE-2016-1975
CVE-2016-1975
CVE-2016-1976
CVE-2016-1976
CVE-2016-1977
CVE-2016-1977
CVE-2016-1978
CVE-2016-1978
CVE-2016-1979
CVE-2016-1979
CVE-2016-2790
CVE-2016-2790
CVE-2016-2791
CVE-2016-2791
CVE-2016-2792
CVE-2016-2792
CVE-2016-2793
CVE-2016-2793
CVE-2016-2794
CVE-2016-2794
CVE-2016-2795
CVE-2016-2795
CVE-2016-2796
CVE-2016-2796
CVE-2016-2797
CVE-2016-2797
CVE-2016-2798
CVE-2016-2798
CVE-2016-2799
CVE-2016-2799
CVE-2016-2800
CVE-2016-2800
CVE-2016-2801
CVE-2016-2801
CVE-2016-2802
CVE-2016-2802
BlueKnight
b-man