Mozilla Products: Multiple vulnerabilities

Mozilla Products: Multiple vulnerabilities Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may allow a remote user to execute arbitrary code. firefox,thunderbird,seamonkey September 27, 2013 September 27, 2013: 1 450940 458390 460818 464226 469868 474758 479968 485258 remote 17.0.9 17.0.9 17.0.9 17.0.9 2.21 2.21 17.0.9 17.0.9 17.0.9 17.0.9 2.21 2.21

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla Application Suite’.

Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9"

All users of the Mozilla Firefox binary package should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9"

All Mozilla Thunderbird users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9"

All users of the Mozilla Thunderbird binary package should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=mail-client/thunderbird-bin-17.0.9"

All SeaMonkey users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21"

All users of the Mozilla SeaMonkey binary package should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21"

CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0759 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0765 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0784 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0791 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0797 CVE-2013-0799 CVE-2013-0800 CVE-2013-0801 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1684 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1707 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1712 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1726 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 creffett creffett