Mozilla products: Multiple vulnerabilities Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. mozilla-firefox mozilla-firefox-bin mozilla-thunderbird mozilla-thunderbird-bin seamonkey seamonkey-bin xulrunner xulrunner-bin August 06, 2008 August 06, 2008: 01 204337 218065 230567 231975 remote 2.0.0.16 2.0.0.16 2.0.0.16 2.0.0.16 2.0.0.16 2.0.0.16 2.0.0.16 2.0.0.16 1.1.11 1.1.11 1.1.11 1.1.11 1.8.1.16 1.8.1.16 1.8.1.16 1.8.1.16

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird.

The following vulnerabilities were reported in all mentioned Mozilla products:

The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:

The following vulnerability was reported in Firefox only:

A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files or to accept an invalid certificate for a spoofed web site, to read uninitialized memory, to violate Same Origin Policy, or to conduct Cross-Site Scripting attacks.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.16"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.16"

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.16"

All Mozilla Thunderbird binary users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.16"

All Seamonkey users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.11"

All Seamonkey binary users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.11"

All XULRunner users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.16"

All XULRunner binary users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-bin-1.8.1.16"
CVE-2008-1380 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 CVE-2008-2933 GLSA 200805-18 p-y rbu rbu