- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201512-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Mozilla Products: Multiple vulnerabilities
     Date: December 30, 2015
     Bugs: #545232, #554036, #556942, #564818, #568376
       ID: 201512-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox and
Thunderbird, the worst of which may allow user-assisted execution of
arbitrary code.

Background
==========

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox           < 38.5.0                  >= 38.5.0
  2  www-client/firefox-bin       < 38.5.0                  >= 38.5.0
  3  mail-client/thunderbird      < 38.5.0                  >= 38.5.0
  4  mail-client/thunderbird-bin
                                  < 38.5.0                  >= 38.5.0
    -------------------------------------------------------------------
     4 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox and
Mozilla Thunderbird. Please review the CVE identifiers referenced below
for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All  Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0"

All  Firefox-bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0"

All  Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0"=


All  Thunderbird-bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.5.0"

References
==========

[  1 ] CVE-2015-0798
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0798
[  2 ] CVE-2015-0799
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0799
[  3 ] CVE-2015-0801
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0801
[  4 ] CVE-2015-0802
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0802
[  5 ] CVE-2015-0803
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0803
[  6 ] CVE-2015-0804
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0804
[  7 ] CVE-2015-0805
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0805
[  8 ] CVE-2015-0806
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0806
[  9 ] CVE-2015-0807
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0807
[ 10 ] CVE-2015-0808
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0808
[ 11 ] CVE-2015-0810
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0810
[ 12 ] CVE-2015-0811
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0811
[ 13 ] CVE-2015-0812
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0812
[ 14 ] CVE-2015-0813
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0813
[ 15 ] CVE-2015-0814
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0814
[ 16 ] CVE-2015-0815
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0815
[ 17 ] CVE-2015-0816
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0816
[ 18 ] CVE-2015-2706
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2706
[ 19 ] CVE-2015-2721
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721
[ 20 ] CVE-2015-2722
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2722
[ 21 ] CVE-2015-2724
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2724
[ 22 ] CVE-2015-2725
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2725
[ 23 ] CVE-2015-2726
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2726
[ 24 ] CVE-2015-2727
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2727
[ 25 ] CVE-2015-2728
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2728
[ 26 ] CVE-2015-2729
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2729
[ 27 ] CVE-2015-2730
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2730
[ 28 ] CVE-2015-2731
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2731
[ 29 ] CVE-2015-2733
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2733
[ 30 ] CVE-2015-2734
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2734
[ 31 ] CVE-2015-2735
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2735
[ 32 ] CVE-2015-2736
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2736
[ 33 ] CVE-2015-2737
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2737
[ 34 ] CVE-2015-2738
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2738
[ 35 ] CVE-2015-2739
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2739
[ 36 ] CVE-2015-2740
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2740
[ 37 ] CVE-2015-2741
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2741
[ 38 ] CVE-2015-2742
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2742
[ 39 ] CVE-2015-2743
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2743
[ 40 ] CVE-2015-2808
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2808
[ 41 ] CVE-2015-4000
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000
[ 42 ] CVE-2015-4495
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4495
[ 43 ] CVE-2015-4513
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4513
[ 44 ] CVE-2015-4514
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4514
[ 45 ] CVE-2015-4515
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4515
[ 46 ] CVE-2015-4518
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4518
[ 47 ] CVE-2015-7181
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181
[ 48 ] CVE-2015-7182
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182
[ 49 ] CVE-2015-7183
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183
[ 50 ] CVE-2015-7187
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7187
[ 51 ] CVE-2015-7188
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7188
[ 52 ] CVE-2015-7189
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7189
[ 53 ] CVE-2015-7191
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7191
[ 54 ] CVE-2015-7192
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7192
[ 55 ] CVE-2015-7193
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7193
[ 56 ] CVE-2015-7194
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7194
[ 57 ] CVE-2015-7195
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7195
[ 58 ] CVE-2015-7196
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7196
[ 59 ] CVE-2015-7197
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7197
[ 60 ] CVE-2015-7198
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7198
[ 61 ] CVE-2015-7199
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7199
[ 62 ] CVE-2015-7200
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7200
[ 63 ] CVE-2015-7201
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7201
[ 64 ] CVE-2015-7202
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7202
[ 65 ] CVE-2015-7203
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7203
[ 66 ] CVE-2015-7204
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7204
[ 67 ] CVE-2015-7205
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7205
[ 68 ] CVE-2015-7207
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7207
[ 69 ] CVE-2015-7208
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7208
[ 70 ] CVE-2015-7210
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7210
[ 71 ] CVE-2015-7211
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7211
[ 72 ] CVE-2015-7212
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7212
[ 73 ] CVE-2015-7213
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7213
[ 74 ] CVE-2015-7214
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7214
[ 75 ] CVE-2015-7215
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7215
[ 76 ] CVE-2015-7216
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7216
[ 77 ] CVE-2015-7217
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7217
[ 78 ] CVE-2015-7218
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7218
[ 79 ] CVE-2015-7219
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7219
[ 80 ] CVE-2015-7220
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7220
[ 81 ] CVE-2015-7221
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7221
[ 82 ] CVE-2015-7222
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7222
[ 83 ] CVE-2015-7223
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7223

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201512-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5