From: Thomas Deutschmann <whissi@gentoo.org>
Reply-To: security@gentoo.org
To: gentoo-announce@lists.gentoo.org
Message-ID: <88d3f26c-c900-9aca-eaa8-d7bcc3ee6e77@gentoo.org>
Subject: [ GLSA 201810-01 ] Mozilla Firefox: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201810-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Mozilla Firefox: Multiple vulnerabilities
     Date: October 02, 2018
     Bugs: #650422, #657976, #659432, #665496, #666760, #667612
       ID: 201810-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.
Background
==========
Mozilla Firefox is a popular open-source web browser from the Mozilla Project.
Affected packages
=================

    -------------------------------------------------------------------
     Package                 /     Vulnerable     /         Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox            < 60.2.2                  >= 60.2.2
  2  www-client/firefox-bin        < 60.2.2                  >= 60.2.2
    -------------------------------------------------------------------
     2 affected packages

Description
===========
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details.
Impact
======
A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-60.2.2"
All Mozilla Firefox binary users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.2.2"
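To find hosts still in the vulnerable range before or after the upgrade, the version rule from the Affected packages table can be applied to an installed-package list. This is an added example, not part of the advisory or of Gentoo's tooling; it assumes GNU sort -V and an inventory of category/package-version lines (the form qlist -Iv prints), and the function names and sample inventory are constructed.

```shell
#!/bin/sh
# Added example: classify installed atoms against GLSA 201810-01.
FIXED="60.2.2"   # first unaffected version, from the Affected packages table

# version_lt A B: succeeds when A sorts strictly before B (GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_status ATOM: prints vulnerable, unaffected or not-applicable.
glsa_status() {
    case "$1" in
        www-client/firefox-bin-[0-9]*) ver=${1#www-client/firefox-bin-} ;;
        www-client/firefox-[0-9]*)     ver=${1#www-client/firefox-} ;;
        *) echo "not-applicable"; return 0 ;;
    esac
    # Drop a Gentoo revision suffix (-r1): 60.2.2-r1 is still >= 60.2.2.
    ver=${ver%-r[0-9]*}
    if version_lt "$ver" "$FIXED"; then
        echo "vulnerable"
    else
        echo "unaffected"
    fi
}

# scan_inventory: read atoms on stdin, report only the two firefox packages.
scan_inventory() {
    while IFS= read -r atom; do
        status=$(glsa_status "$atom")
        [ "$status" = "not-applicable" ] || printf '%s %s\n' "$atom" "$status"
    done
}

# Constructed sample inventory (not taken from a real host).
SAMPLE='www-client/firefox-60.2.0
www-client/firefox-bin-60.2.2
www-client/firefox-52.9.0-r1
app-editors/vim-8.1.0412'

printf '%s\n' "$SAMPLE" | scan_inventory
```
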
References
==========

[ 1 ] CVE-2017-16541
      https://nvd.nist.gov/vuln/detail/CVE-2017-16541
[ 2 ] CVE-2018-12358
      https://nvd.nist.gov/vuln/detail/CVE-2018-12358
[ 3 ] CVE-2018-12359
      https://nvd.nist.gov/vuln/detail/CVE-2018-12359
[ 4 ] CVE-2018-12360
      https://nvd.nist.gov/vuln/detail/CVE-2018-12360
[ 5 ] CVE-2018-12361
      https://nvd.nist.gov/vuln/detail/CVE-2018-12361
[ 6 ] CVE-2018-12362
      https://nvd.nist.gov/vuln/detail/CVE-2018-12362
[ 7 ] CVE-2018-12363
      https://nvd.nist.gov/vuln/detail/CVE-2018-12363
[ 8 ] CVE-2018-12364
      https://nvd.nist.gov/vuln/detail/CVE-2018-12364
[ 9 ] CVE-2018-12365
      https://nvd.nist.gov/vuln/detail/CVE-2018-12365
[ 10 ] CVE-2018-12366
       https://nvd.nist.gov/vuln/detail/CVE-2018-12366
[ 11 ] CVE-2018-12367
       https://nvd.nist.gov/vuln/detail/CVE-2018-12367
[ 12 ] CVE-2018-12368
       https://nvd.nist.gov/vuln/detail/CVE-2018-12368
[ 13 ] CVE-2018-12369
       https://nvd.nist.gov/vuln/detail/CVE-2018-12369
[ 14 ] CVE-2018-12370
       https://nvd.nist.gov/vuln/detail/CVE-2018-12370
[ 15 ] CVE-2018-12371
       https://nvd.nist.gov/vuln/detail/CVE-2018-12371
[ 16 ] CVE-2018-12376
       https://nvd.nist.gov/vuln/detail/CVE-2018-12376
[ 17 ] CVE-2018-12377
       https://nvd.nist.gov/vuln/detail/CVE-2018-12377
[ 18 ] CVE-2018-12378
       https://nvd.nist.gov/vuln/detail/CVE-2018-12378
[ 19 ] CVE-2018-12379
       https://nvd.nist.gov/vuln/detail/CVE-2018-12379
[ 20 ] CVE-2018-12381
       https://nvd.nist.gov/vuln/detail/CVE-2018-12381
[ 21 ] CVE-2018-12383
       https://nvd.nist.gov/vuln/detail/CVE-2018-12383
[ 22 ] CVE-2018-12385
       https://nvd.nist.gov/vuln/detail/CVE-2018-12385
[ 23 ] CVE-2018-12386
       https://nvd.nist.gov/vuln/detail/CVE-2018-12386
[ 24 ] CVE-2018-12387
       https://nvd.nist.gov/vuln/detail/CVE-2018-12387
[ 25 ] CVE-2018-5125
       https://nvd.nist.gov/vuln/detail/CVE-2018-5125
[ 26 ] CVE-2018-5127
       https://nvd.nist.gov/vuln/detail/CVE-2018-5127
[ 27 ] CVE-2018-5129
       https://nvd.nist.gov/vuln/detail/CVE-2018-5129
[ 28 ] CVE-2018-5130
       https://nvd.nist.gov/vuln/detail/CVE-2018-5130
[ 29 ] CVE-2018-5131
       https://nvd.nist.gov/vuln/detail/CVE-2018-5131
[ 30 ] CVE-2018-5144
       https://nvd.nist.gov/vuln/detail/CVE-2018-5144
[ 31 ] CVE-2018-5150
       https://nvd.nist.gov/vuln/detail/CVE-2018-5150
[ 32 ] CVE-2018-5154
       https://nvd.nist.gov/vuln/detail/CVE-2018-5154
[ 33 ] CVE-2018-5155
       https://nvd.nist.gov/vuln/detail/CVE-2018-5155
[ 34 ] CVE-2018-5156
       https://nvd.nist.gov/vuln/detail/CVE-2018-5156
[ 35 ] CVE-2018-5157
       https://nvd.nist.gov/vuln/detail/CVE-2018-5157
[ 36 ] CVE-2018-5158
       https://nvd.nist.gov/vuln/detail/CVE-2018-5158
[ 37 ] CVE-2018-5159
       https://nvd.nist.gov/vuln/detail/CVE-2018-5159
[ 38 ] CVE-2018-5168
       https://nvd.nist.gov/vuln/detail/CVE-2018-5168
[ 39 ] CVE-2018-5178
       https://nvd.nist.gov/vuln/detail/CVE-2018-5178
[ 40 ] CVE-2018-5183
       https://nvd.nist.gov/vuln/detail/CVE-2018-5183
[ 41 ] CVE-2018-5186
       https://nvd.nist.gov/vuln/detail/CVE-2018-5186
[ 42 ] CVE-2018-5187
       https://nvd.nist.gov/vuln/detail/CVE-2018-5187
[ 43 ] CVE-2018-5188
       https://nvd.nist.gov/vuln/detail/CVE-2018-5188
[ 44 ] CVE-2018-6126
       https://nvd.nist.gov/vuln/detail/CVE-2018-6126
Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201810-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5