GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201309-23
(Mozilla Products: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Mozilla Firefox,
Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced
below for details.

Impact :

A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Further, a remote attacker could conduct XSS
attacks, spoof URLs, bypass address space layout randomization, conduct
clickjacking attacks, obtain potentially sensitive information, bypass
access restrictions, modify the local filesystem, or conduct other
unspecified attacks.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-201309-23.xml

Solution :

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/firefox-17.0.9'

All users of the Mozilla Firefox binary package should upgrade to the
latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/firefox-bin-17.0.9'

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-client/thunderbird-17.0.9'

All users of the Mozilla Thunderbird binary package should upgrade to
the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-client/thunderbird-bin-17.0.9'

All SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.21'

All users of the Mozilla SeaMonkey binary package should upgrade to the
latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.21'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 70183

Bugtraq ID: 57193
57194
57195
57196
57197
57198
57199
57203
57204
57205
57207
57209
57211
57213
57215
57217
57218
57228
57232
57234
57235
57236
57238
57240
57241
57244
57260
58034
58036
58037
58038
58040
58041
58042
58043
58044
58047
58048
58049
58050
58051
58391
58819
58821
58824
58825
58826
58827
58828
58831
58835
58836
58837
59855
59858
59859
59860
59861
59862
59863
59864
59865
59868
59869
60765
60766
60776
60777
60778
60783
60784
60787
61864
61867
61871
61872
61873
61874
61875
61876
61877
61878
61882
61896
61900
62460
62462
62463
62464
62465
62466
62467
62468
62469
62472
62473
62475
62478
62479
62482

CVE ID: CVE-2013-0744
CVE-2013-0745
CVE-2013-0746
CVE-2013-0747
CVE-2013-0748
CVE-2013-0749
CVE-2013-0750
CVE-2013-0751
CVE-2013-0752
CVE-2013-0753
CVE-2013-0754
CVE-2013-0755
CVE-2013-0756
CVE-2013-0757
CVE-2013-0758
CVE-2013-0759
CVE-2013-0760
CVE-2013-0761
CVE-2013-0762
CVE-2013-0763
CVE-2013-0764
CVE-2013-0765
CVE-2013-0766
CVE-2013-0767
CVE-2013-0768
CVE-2013-0769
CVE-2013-0770
CVE-2013-0771
CVE-2013-0772
CVE-2013-0773
CVE-2013-0774
CVE-2013-0775
CVE-2013-0776
CVE-2013-0777
CVE-2013-0778
CVE-2013-0779
CVE-2013-0780
CVE-2013-0781
CVE-2013-0782
CVE-2013-0783
CVE-2013-0784
CVE-2013-0787
CVE-2013-0788
CVE-2013-0789
CVE-2013-0791
CVE-2013-0792
CVE-2013-0793
CVE-2013-0794
CVE-2013-0795
CVE-2013-0796
CVE-2013-0797
CVE-2013-0799
CVE-2013-0800
CVE-2013-0801
CVE-2013-1670
CVE-2013-1671
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
CVE-2013-1682
CVE-2013-1684
CVE-2013-1687
CVE-2013-1690
CVE-2013-1692
CVE-2013-1693
CVE-2013-1694
CVE-2013-1697
CVE-2013-1701
CVE-2013-1702
CVE-2013-1704
CVE-2013-1705
CVE-2013-1707
CVE-2013-1708
CVE-2013-1709
CVE-2013-1710
CVE-2013-1711
CVE-2013-1712
CVE-2013-1713
CVE-2013-1714
CVE-2013-1717
CVE-2013-1718
CVE-2013-1719
CVE-2013-1720
CVE-2013-1722
CVE-2013-1723
CVE-2013-1724
CVE-2013-1725
CVE-2013-1726
CVE-2013-1728
CVE-2013-1730
CVE-2013-1732
CVE-2013-1735
CVE-2013-1736
CVE-2013-1737
CVE-2013-1738