Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code.
Package | www-client/mozilla-firefox on all architectures |
---|---|
Affected versions | < 2.0.0.16 |
Unaffected versions | >= 2.0.0.16 |
Package | www-client/mozilla-firefox-bin on all architectures |
---|---|
Affected versions | < 2.0.0.16 |
Unaffected versions | >= 2.0.0.16 |
Package | mail-client/mozilla-thunderbird on all architectures |
---|---|
Affected versions | < 2.0.0.16 |
Unaffected versions | >= 2.0.0.16 |
Package | mail-client/mozilla-thunderbird-bin on all architectures |
---|---|
Affected versions | < 2.0.0.16 |
Unaffected versions | >= 2.0.0.16 |
Package | www-client/seamonkey on all architectures |
---|---|
Affected versions | < 1.1.11 |
Unaffected versions | >= 1.1.11 |
Package | www-client/seamonkey-bin on all architectures |
---|---|
Affected versions | < 1.1.11 |
Unaffected versions | >= 1.1.11 |
Package | net-libs/xulrunner on all architectures |
---|---|
Affected versions | < 1.8.1.16 |
Unaffected versions | >= 1.8.1.16 |
Package | net-libs/xulrunner-bin on all architectures |
---|---|
Affected versions | < 1.8.1.16 |
Unaffected versions | >= 1.8.1.16 |
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird.
The following vulnerabilities were reported in all mentioned Mozilla products:
The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:
The following vulnerability was reported in Firefox only:
A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files or to accept an invalid certificate for a spoofed web site, to read uninitialized memory, to violate Same Origin Policy, or to conduct Cross-Site Scripting attacks.
There is no known workaround at this time.
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.16"
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.16"
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.16"
All Mozilla Thunderbird binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.16"
All Seamonkey users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.11"
All Seamonkey binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.11"
All XULRunner users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.16"
All XULRunner binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-bin-1.8.1.16"