exploit the possibilities

Gentoo Linux Security Advisory 201512-10

Gentoo Linux Security Advisory 201512-10
Posted Dec 30, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-10 - Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code. Versions less than 38.5.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0798, CVE-2015-0799, CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804, CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808, CVE-2015-0810, CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816, CVE-2015-2706, CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725, CVE-2015-2726, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2730, CVE-2015-2731
MD5 | 5a2f23b04bc19cb5b4340595d101640e

Gentoo Linux Security Advisory 201512-10

Change Mirror Download
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201512-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Products: Multiple vulnerabilities
Date: December 30, 2015
Bugs: #545232, #554036, #556942, #564818, #568376
ID: 201512-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox and
Thunderbird, the worst of which may allow user-assisted execution of
arbitrary code.

Background
==========

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 38.5.0 >= 38.5.0
2 www-client/firefox-bin < 38.5.0 >= 38.5.0
3 mail-client/thunderbird < 38.5.0 >= 38.5.0
4 mail-client/thunderbird-bin
< 38.5.0 >= 38.5.0
-------------------------------------------------------------------
4 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox and
Mozilla Thunderbird. Please review the CVE identifiers referenced below
for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0"

All Firefox-bin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0"

All Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0"=


All Thunderbird-bin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.5.0"

References
==========

[ 1 ] CVE-2015-0798
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0798
[ 2 ] CVE-2015-0799
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0799
[ 3 ] CVE-2015-0801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0801
[ 4 ] CVE-2015-0802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0802
[ 5 ] CVE-2015-0803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0803
[ 6 ] CVE-2015-0804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0804
[ 7 ] CVE-2015-0805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0805
[ 8 ] CVE-2015-0806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0806
[ 9 ] CVE-2015-0807
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0807
[ 10 ] CVE-2015-0808
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0808
[ 11 ] CVE-2015-0810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0810
[ 12 ] CVE-2015-0811
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0811
[ 13 ] CVE-2015-0812
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0812
[ 14 ] CVE-2015-0813
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0813
[ 15 ] CVE-2015-0814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0814
[ 16 ] CVE-2015-0815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0815
[ 17 ] CVE-2015-0816
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0816
[ 18 ] CVE-2015-2706
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2706
[ 19 ] CVE-2015-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721
[ 20 ] CVE-2015-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2722
[ 21 ] CVE-2015-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2724
[ 22 ] CVE-2015-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2725
[ 23 ] CVE-2015-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2726
[ 24 ] CVE-2015-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2727
[ 25 ] CVE-2015-2728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2728
[ 26 ] CVE-2015-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2729
[ 27 ] CVE-2015-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2730
[ 28 ] CVE-2015-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2731
[ 29 ] CVE-2015-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2733
[ 30 ] CVE-2015-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2734
[ 31 ] CVE-2015-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2735
[ 32 ] CVE-2015-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2736
[ 33 ] CVE-2015-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2737
[ 34 ] CVE-2015-2738
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2738
[ 35 ] CVE-2015-2739
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2739
[ 36 ] CVE-2015-2740
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2740
[ 37 ] CVE-2015-2741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2741
[ 38 ] CVE-2015-2742
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2742
[ 39 ] CVE-2015-2743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2743
[ 40 ] CVE-2015-2808
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2808
[ 41 ] CVE-2015-4000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000
[ 42 ] CVE-2015-4495
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4495
[ 43 ] CVE-2015-4513
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4513
[ 44 ] CVE-2015-4514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4514
[ 45 ] CVE-2015-4515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4515
[ 46 ] CVE-2015-4518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4518
[ 47 ] CVE-2015-7181
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181
[ 48 ] CVE-2015-7182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182
[ 49 ] CVE-2015-7183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183
[ 50 ] CVE-2015-7187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7187
[ 51 ] CVE-2015-7188
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7188
[ 52 ] CVE-2015-7189
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7189
[ 53 ] CVE-2015-7191
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7191
[ 54 ] CVE-2015-7192
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7192
[ 55 ] CVE-2015-7193
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7193
[ 56 ] CVE-2015-7194
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7194
[ 57 ] CVE-2015-7195
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7195
[ 58 ] CVE-2015-7196
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7196
[ 59 ] CVE-2015-7197
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7197
[ 60 ] CVE-2015-7198
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7198
[ 61 ] CVE-2015-7199
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7199
[ 62 ] CVE-2015-7200
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7200
[ 63 ] CVE-2015-7201
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7201
[ 64 ] CVE-2015-7202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7202
[ 65 ] CVE-2015-7203
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7203
[ 66 ] CVE-2015-7204
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7204
[ 67 ] CVE-2015-7205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7205
[ 68 ] CVE-2015-7207
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7207
[ 69 ] CVE-2015-7208
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7208
[ 70 ] CVE-2015-7210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7210
[ 71 ] CVE-2015-7211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7211
[ 72 ] CVE-2015-7212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7212
[ 73 ] CVE-2015-7213
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7213
[ 74 ] CVE-2015-7214
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7214
[ 75 ] CVE-2015-7215
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7215
[ 76 ] CVE-2015-7216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7216
[ 77 ] CVE-2015-7217
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7217
[ 78 ] CVE-2015-7218
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7218
[ 79 ] CVE-2015-7219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7219
[ 80 ] CVE-2015-7220
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7220
[ 81 ] CVE-2015-7221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7221
[ 82 ] CVE-2015-7222
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7222
[ 83 ] CVE-2015-7223
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7223

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201512-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Login or Register to add favorites

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close