GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities
Critical Nessus Plugin ID 82632
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact.
Workaround :
There are no known workarounds at this time.
Solution
All firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-31.5.3' All firefox-bin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-31.5.3' All thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-31.5.0' All thunderbird-bin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-bin-31.5.0' All seamonkey users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.33.1' All seamonkey-bin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.33.1' All nspr users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/nspr-4.10.6'