Gentoo Linux Security Advisory 201802-03

Gentoo Linux Security Advisory 201802-03: Posted Feb 20, 2018; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201802-3 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 52.6.0 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2016-6354, CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465; SHA-256 | 9c755436dabdfb3e7a966a0901e80d5c8a7a16dfd36c2bb6664051a1013932d3; Download | Favorite | View

Gentoo Linux Security Advisory 201802-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201802-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Mozilla Firefox: Multiple vulnerabilities
     Date: February 20, 2018
     Bugs: #616030, #621722, #632400, #639854, #645510, #648198
       ID: 201802-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst
of which may allow execution of arbitrary code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox           < 52.6.0                  >= 52.6.0
  2  www-client/firefox-bin       < 52.6.0                  >= 52.6.0
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox.
Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web
page, possibly resulting in the execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to perform Man-in-the-Middle
attacks, obtain sensitive information, spoof the address bar, conduct
clickjacking attacks, bypass security restrictions and protection
mechanisms, or have other unspecified impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-52.6.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-52.6.0"

References
==========

[  1 ] CVE-2016-10195
       https://nvd.nist.gov/vuln/detail/CVE-2016-10195
[  2 ] CVE-2016-10196
       https://nvd.nist.gov/vuln/detail/CVE-2016-10196
[  3 ] CVE-2016-10197
       https://nvd.nist.gov/vuln/detail/CVE-2016-10197
[  4 ] CVE-2016-6354
       https://nvd.nist.gov/vuln/detail/CVE-2016-6354
[  5 ] CVE-2017-5429
       https://nvd.nist.gov/vuln/detail/CVE-2017-5429
[  6 ] CVE-2017-5432
       https://nvd.nist.gov/vuln/detail/CVE-2017-5432
[  7 ] CVE-2017-5433
       https://nvd.nist.gov/vuln/detail/CVE-2017-5433
[  8 ] CVE-2017-5434
       https://nvd.nist.gov/vuln/detail/CVE-2017-5434
[  9 ] CVE-2017-5435
       https://nvd.nist.gov/vuln/detail/CVE-2017-5435
[ 10 ] CVE-2017-5436
       https://nvd.nist.gov/vuln/detail/CVE-2017-5436
[ 11 ] CVE-2017-5437
       https://nvd.nist.gov/vuln/detail/CVE-2017-5437
[ 12 ] CVE-2017-5438
       https://nvd.nist.gov/vuln/detail/CVE-2017-5438
[ 13 ] CVE-2017-5439
       https://nvd.nist.gov/vuln/detail/CVE-2017-5439
[ 14 ] CVE-2017-5440
       https://nvd.nist.gov/vuln/detail/CVE-2017-5440
[ 15 ] CVE-2017-5441
       https://nvd.nist.gov/vuln/detail/CVE-2017-5441
[ 16 ] CVE-2017-5442
       https://nvd.nist.gov/vuln/detail/CVE-2017-5442
[ 17 ] CVE-2017-5443
       https://nvd.nist.gov/vuln/detail/CVE-2017-5443
[ 18 ] CVE-2017-5444
       https://nvd.nist.gov/vuln/detail/CVE-2017-5444
[ 19 ] CVE-2017-5445
       https://nvd.nist.gov/vuln/detail/CVE-2017-5445
[ 20 ] CVE-2017-5446
       https://nvd.nist.gov/vuln/detail/CVE-2017-5446
[ 21 ] CVE-2017-5447
       https://nvd.nist.gov/vuln/detail/CVE-2017-5447
[ 22 ] CVE-2017-5448
       https://nvd.nist.gov/vuln/detail/CVE-2017-5448
[ 23 ] CVE-2017-5459
       https://nvd.nist.gov/vuln/detail/CVE-2017-5459
[ 24 ] CVE-2017-5460
       https://nvd.nist.gov/vuln/detail/CVE-2017-5460
[ 25 ] CVE-2017-5461
       https://nvd.nist.gov/vuln/detail/CVE-2017-5461
[ 26 ] CVE-2017-5462
       https://nvd.nist.gov/vuln/detail/CVE-2017-5462
[ 27 ] CVE-2017-5464
       https://nvd.nist.gov/vuln/detail/CVE-2017-5464
[ 28 ] CVE-2017-5465
       https://nvd.nist.gov/vuln/detail/CVE-2017-5465
[ 29 ] CVE-2017-5469
       https://nvd.nist.gov/vuln/detail/CVE-2017-5469
[ 30 ] CVE-2017-5470
       https://nvd.nist.gov/vuln/detail/CVE-2017-5470
[ 31 ] CVE-2017-5472
       https://nvd.nist.gov/vuln/detail/CVE-2017-5472
[ 32 ] CVE-2017-7749
       https://nvd.nist.gov/vuln/detail/CVE-2017-7749
[ 33 ] CVE-2017-7750
       https://nvd.nist.gov/vuln/detail/CVE-2017-7750
[ 34 ] CVE-2017-7751
       https://nvd.nist.gov/vuln/detail/CVE-2017-7751
[ 35 ] CVE-2017-7752
       https://nvd.nist.gov/vuln/detail/CVE-2017-7752
[ 36 ] CVE-2017-7753
       https://nvd.nist.gov/vuln/detail/CVE-2017-7753
[ 37 ] CVE-2017-7754
       https://nvd.nist.gov/vuln/detail/CVE-2017-7754
[ 38 ] CVE-2017-7756
       https://nvd.nist.gov/vuln/detail/CVE-2017-7756
[ 39 ] CVE-2017-7757
       https://nvd.nist.gov/vuln/detail/CVE-2017-7757
[ 40 ] CVE-2017-7758
       https://nvd.nist.gov/vuln/detail/CVE-2017-7758
[ 41 ] CVE-2017-7764
       https://nvd.nist.gov/vuln/detail/CVE-2017-7764
[ 42 ] CVE-2017-7771
       https://nvd.nist.gov/vuln/detail/CVE-2017-7771
[ 43 ] CVE-2017-7772
       https://nvd.nist.gov/vuln/detail/CVE-2017-7772
[ 44 ] CVE-2017-7773
       https://nvd.nist.gov/vuln/detail/CVE-2017-7773
[ 45 ] CVE-2017-7774
       https://nvd.nist.gov/vuln/detail/CVE-2017-7774
[ 46 ] CVE-2017-7775
       https://nvd.nist.gov/vuln/detail/CVE-2017-7775
[ 47 ] CVE-2017-7776
       https://nvd.nist.gov/vuln/detail/CVE-2017-7776
[ 48 ] CVE-2017-7777
       https://nvd.nist.gov/vuln/detail/CVE-2017-7777
[ 49 ] CVE-2017-7778
       https://nvd.nist.gov/vuln/detail/CVE-2017-7778
[ 50 ] CVE-2017-7779
       https://nvd.nist.gov/vuln/detail/CVE-2017-7779
[ 51 ] CVE-2017-7784
       https://nvd.nist.gov/vuln/detail/CVE-2017-7784
[ 52 ] CVE-2017-7785
       https://nvd.nist.gov/vuln/detail/CVE-2017-7785
[ 53 ] CVE-2017-7786
       https://nvd.nist.gov/vuln/detail/CVE-2017-7786
[ 54 ] CVE-2017-7787
       https://nvd.nist.gov/vuln/detail/CVE-2017-7787
[ 55 ] CVE-2017-7791
       https://nvd.nist.gov/vuln/detail/CVE-2017-7791
[ 56 ] CVE-2017-7792
       https://nvd.nist.gov/vuln/detail/CVE-2017-7792
[ 57 ] CVE-2017-7793
       https://nvd.nist.gov/vuln/detail/CVE-2017-7793
[ 58 ] CVE-2017-7798
       https://nvd.nist.gov/vuln/detail/CVE-2017-7798
[ 59 ] CVE-2017-7800
       https://nvd.nist.gov/vuln/detail/CVE-2017-7800
[ 60 ] CVE-2017-7801
       https://nvd.nist.gov/vuln/detail/CVE-2017-7801
[ 61 ] CVE-2017-7802
       https://nvd.nist.gov/vuln/detail/CVE-2017-7802
[ 62 ] CVE-2017-7803
       https://nvd.nist.gov/vuln/detail/CVE-2017-7803
[ 63 ] CVE-2017-7805
       https://nvd.nist.gov/vuln/detail/CVE-2017-7805
[ 64 ] CVE-2017-7807
       https://nvd.nist.gov/vuln/detail/CVE-2017-7807
[ 65 ] CVE-2017-7809
       https://nvd.nist.gov/vuln/detail/CVE-2017-7809
[ 66 ] CVE-2017-7810
       https://nvd.nist.gov/vuln/detail/CVE-2017-7810
[ 67 ] CVE-2017-7814
       https://nvd.nist.gov/vuln/detail/CVE-2017-7814
[ 68 ] CVE-2017-7818
       https://nvd.nist.gov/vuln/detail/CVE-2017-7818
[ 69 ] CVE-2017-7819
       https://nvd.nist.gov/vuln/detail/CVE-2017-7819
[ 70 ] CVE-2017-7823
       https://nvd.nist.gov/vuln/detail/CVE-2017-7823
[ 71 ] CVE-2017-7824
       https://nvd.nist.gov/vuln/detail/CVE-2017-7824
[ 72 ] CVE-2017-7843
       https://nvd.nist.gov/vuln/detail/CVE-2017-7843
[ 73 ] CVE-2017-7844
       https://nvd.nist.gov/vuln/detail/CVE-2017-7844
[ 74 ] CVE-2018-5089
       https://nvd.nist.gov/vuln/detail/CVE-2018-5089
[ 75 ] CVE-2018-5091
       https://nvd.nist.gov/vuln/detail/CVE-2018-5091
[ 76 ] CVE-2018-5095
       https://nvd.nist.gov/vuln/detail/CVE-2018-5095
[ 77 ] CVE-2018-5096
       https://nvd.nist.gov/vuln/detail/CVE-2018-5096
[ 78 ] CVE-2018-5097
       https://nvd.nist.gov/vuln/detail/CVE-2018-5097
[ 79 ] CVE-2018-5098
       https://nvd.nist.gov/vuln/detail/CVE-2018-5098
[ 80 ] CVE-2018-5099
       https://nvd.nist.gov/vuln/detail/CVE-2018-5099
[ 81 ] CVE-2018-5102
       https://nvd.nist.gov/vuln/detail/CVE-2018-5102
[ 82 ] CVE-2018-5103
       https://nvd.nist.gov/vuln/detail/CVE-2018-5103
[ 83 ] CVE-2018-5104
       https://nvd.nist.gov/vuln/detail/CVE-2018-5104
[ 84 ] CVE-2018-5117
       https://nvd.nist.gov/vuln/detail/CVE-2018-5117

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201802-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Gentoo Linux Security Advisory 201802-03

Gentoo Linux Security Advisory 201802-03

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gentoo Linux Security Advisory 201802-03

Share This

Gentoo Linux Security Advisory 201802-03

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems