Mozilla Products: Multiple vulnerabilities — GLSA 201512-10

Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code.

Affected packages

www-client/firefox on all architectures
Affected versions < 38.5.0
Unaffected versions >= 38.5.0
www-client/firefox-bin on all architectures
Affected versions < 38.5.0
Unaffected versions >= 38.5.0
mail-client/thunderbird on all architectures
Affected versions < 38.5.0
Unaffected versions >= 38.5.0
mail-client/thunderbird-bin on all architectures
Affected versions < 38.5.0
Unaffected versions >= 38.5.0

Background

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project.

Description

Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Firefox users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0"
 

All Firefox-bin users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0"
 

All Thunderbird users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0"
 

All Thunderbird-bin users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=mail-client/thunderbird-bin-38.5.0"
 

References

Release date
December 30, 2015

Latest revision
December 31, 2015: 2

Severity
normal

Exploitable
remote

Bugzilla entries