GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities
Critical Nessus Plugin ID 14781
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200409-26 (Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities)
Mozilla-based products are vulnerable to multiple security issues.
Firstly, routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the 'Send Page' function, and links with non-ASCII hostnames could both cause heap buffer overruns.
There is no known workaround covering all vulnerabilities.
SolutionAll users should upgrade to the latest stable version:
# emerge sync # emerge -pv your-version # emerge your-version