- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201810-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Mozilla Firefox: Multiple vulnerabilities
     Date: October 02, 2018
     Bugs: #650422, #657976, #659432, #665496, #666760, #667612
       ID: 201810-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst
of which may allow execution of arbitrary code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /   Vulnerable   /            Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox           < 60.2.2                   >= 60.2.2
  2  www-client/firefox-bin       < 60.2.2                   >= 60.2.2
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox.
Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web
page, possibly resulting in the execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to perform Man-in-the-Middle
attacks, obtain sensitive information, spoof the address bar, conduct
clickjacking attacks, bypass security restrictions and protection
mechanisms, or have other unspecified impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-60.2.2"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.2.2"

References
==========

[  1 ] CVE-2017-16541
       https://nvd.nist.gov/vuln/detail/CVE-2017-16541
[  2 ] CVE-2018-12358
       https://nvd.nist.gov/vuln/detail/CVE-2018-12358
[  3 ] CVE-2018-12359
       https://nvd.nist.gov/vuln/detail/CVE-2018-12359
[  4 ] CVE-2018-12360
       https://nvd.nist.gov/vuln/detail/CVE-2018-12360
[  5 ] CVE-2018-12361
       https://nvd.nist.gov/vuln/detail/CVE-2018-12361
[  6 ] CVE-2018-12362
       https://nvd.nist.gov/vuln/detail/CVE-2018-12362
[  7 ] CVE-2018-12363
       https://nvd.nist.gov/vuln/detail/CVE-2018-12363
[  8 ] CVE-2018-12364
       https://nvd.nist.gov/vuln/detail/CVE-2018-12364
[  9 ] CVE-2018-12365
       https://nvd.nist.gov/vuln/detail/CVE-2018-12365
[ 10 ] CVE-2018-12366
       https://nvd.nist.gov/vuln/detail/CVE-2018-12366
[ 11 ] CVE-2018-12367
       https://nvd.nist.gov/vuln/detail/CVE-2018-12367
[ 12 ] CVE-2018-12368
       https://nvd.nist.gov/vuln/detail/CVE-2018-12368
[ 13 ] CVE-2018-12369
       https://nvd.nist.gov/vuln/detail/CVE-2018-12369
[ 14 ] CVE-2018-12370
       https://nvd.nist.gov/vuln/detail/CVE-2018-12370
[ 15 ] CVE-2018-12371
       https://nvd.nist.gov/vuln/detail/CVE-2018-12371
[ 16 ] CVE-2018-12376
       https://nvd.nist.gov/vuln/detail/CVE-2018-12376
[ 17 ] CVE-2018-12377
       https://nvd.nist.gov/vuln/detail/CVE-2018-12377
[ 18 ] CVE-2018-12378
       https://nvd.nist.gov/vuln/detail/CVE-2018-12378
[ 19 ] CVE-2018-12379
       https://nvd.nist.gov/vuln/detail/CVE-2018-12379
[ 20 ] CVE-2018-12381
       https://nvd.nist.gov/vuln/detail/CVE-2018-12381
[ 21 ] CVE-2018-12383
       https://nvd.nist.gov/vuln/detail/CVE-2018-12383
[ 22 ] CVE-2018-12385
       https://nvd.nist.gov/vuln/detail/CVE-2018-12385
[ 23 ] CVE-2018-12386
       https://nvd.nist.gov/vuln/detail/CVE-2018-12386
[ 24 ] CVE-2018-12387
       https://nvd.nist.gov/vuln/detail/CVE-2018-12387
[ 25 ] CVE-2018-5125
       https://nvd.nist.gov/vuln/detail/CVE-2018-5125
[ 26 ] CVE-2018-5127
       https://nvd.nist.gov/vuln/detail/CVE-2018-5127
[ 27 ] CVE-2018-5129
       https://nvd.nist.gov/vuln/detail/CVE-2018-5129
[ 28 ] CVE-2018-5130
       https://nvd.nist.gov/vuln/detail/CVE-2018-5130
[ 29 ] CVE-2018-5131
       https://nvd.nist.gov/vuln/detail/CVE-2018-5131
[ 30 ] CVE-2018-5144
       https://nvd.nist.gov/vuln/detail/CVE-2018-5144
[ 31 ] CVE-2018-5150
       https://nvd.nist.gov/vuln/detail/CVE-2018-5150
[ 32 ] CVE-2018-5154
       https://nvd.nist.gov/vuln/detail/CVE-2018-5154
[ 33 ] CVE-2018-5155
       https://nvd.nist.gov/vuln/detail/CVE-2018-5155
[ 34 ] CVE-2018-5156
       https://nvd.nist.gov/vuln/detail/CVE-2018-5156
[ 35 ] CVE-2018-5157
       https://nvd.nist.gov/vuln/detail/CVE-2018-5157
[ 36 ] CVE-2018-5158
       https://nvd.nist.gov/vuln/detail/CVE-2018-5158
[ 37 ] CVE-2018-5159
       https://nvd.nist.gov/vuln/detail/CVE-2018-5159
[ 38 ] CVE-2018-5168
       https://nvd.nist.gov/vuln/detail/CVE-2018-5168
[ 39 ] CVE-2018-5178
       https://nvd.nist.gov/vuln/detail/CVE-2018-5178
[ 40 ] CVE-2018-5183
       https://nvd.nist.gov/vuln/detail/CVE-2018-5183
[ 41 ] CVE-2018-5186
       https://nvd.nist.gov/vuln/detail/CVE-2018-5186
[ 42 ] CVE-2018-5187
       https://nvd.nist.gov/vuln/detail/CVE-2018-5187
[ 43 ] CVE-2018-5188
       https://nvd.nist.gov/vuln/detail/CVE-2018-5188
[ 44 ] CVE-2018-6126
       https://nvd.nist.gov/vuln/detail/CVE-2018-6126

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201810-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5