Mozilla Products: Multiple vulnerabilities

Mozilla Products: Multiple vulnerabilities Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. firefox 2016-05-31 2017-01-20 549356 550288 557590 559186 561246 563230 564834 571086 573074 574596 576862 remote 4.12 4.12 3.22.2 3.22.2 38.7.0 38.7.0 38.7.0 38.7.0 38.7.0 38.7.0 38.7.0 38.7.0

Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an open-source email client, and the Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as ‘Mozilla Application Suite’.

Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts.

There is no known workaround at this time.

All NSS users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.22.2"

All Thunderbird users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.7.0"

All users of the Thunderbird binary package should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=mail-client/thunderbird-bin-38.7.0"

All Firefox 38.7.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-38.7.0"

All users of the Firefox 38.7.x binary package should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.7.0"

CVE-2015-2708 CVE-2015-2708 CVE-2015-2709 CVE-2015-2709 CVE-2015-2710 CVE-2015-2710 CVE-2015-2711 CVE-2015-2711 CVE-2015-2712 CVE-2015-2712 CVE-2015-2713 CVE-2015-2713 CVE-2015-2714 CVE-2015-2714 CVE-2015-2715 CVE-2015-2715 CVE-2015-2716 CVE-2015-2716 CVE-2015-2717 CVE-2015-2717 CVE-2015-2718 CVE-2015-2718 CVE-2015-2721 CVE-2015-4000 CVE-2015-4473 CVE-2015-4473 CVE-2015-4474 CVE-2015-4474 CVE-2015-4475 CVE-2015-4475 CVE-2015-4477 CVE-2015-4477 CVE-2015-4478 CVE-2015-4478 CVE-2015-4479 CVE-2015-4479 CVE-2015-4480 CVE-2015-4480 CVE-2015-4481 CVE-2015-4481 CVE-2015-4482 CVE-2015-4482 CVE-2015-4483 CVE-2015-4483 CVE-2015-4484 CVE-2015-4484 CVE-2015-4485 CVE-2015-4485 CVE-2015-4486 CVE-2015-4486 CVE-2015-4487 CVE-2015-4487 CVE-2015-4488 CVE-2015-4488 CVE-2015-4489 CVE-2015-4489 CVE-2015-4490 CVE-2015-4490 CVE-2015-4491 CVE-2015-4491 CVE-2015-4492 CVE-2015-4492 CVE-2015-4493 CVE-2015-4493 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7575 CVE-2016-1523 CVE-2016-1523 CVE-2016-1930 CVE-2016-1930 CVE-2016-1931 CVE-2016-1931 CVE-2016-1933 CVE-2016-1933 CVE-2016-1935 CVE-2016-1935 CVE-2016-1937 CVE-2016-1937 CVE-2016-1938 CVE-2016-1938 CVE-2016-1939 CVE-2016-1939 CVE-2016-1940 CVE-2016-1940 CVE-2016-1941 CVE-2016-1941 CVE-2016-1942 CVE-2016-1942 CVE-2016-1943 CVE-2016-1943 CVE-2016-1944 CVE-2016-1944 CVE-2016-1945 CVE-2016-1945 CVE-2016-1946 CVE-2016-1946 CVE-2016-1947 CVE-2016-1947 CVE-2016-1948 CVE-2016-1948 CVE-2016-1949 CVE-2016-1949 CVE-2016-1950 CVE-2016-1950 CVE-2016-1952 CVE-2016-1952 CVE-2016-1953 CVE-2016-1953 CVE-2016-1954 CVE-2016-1954 CVE-2016-1955 CVE-2016-1955 CVE-2016-1956 CVE-2016-1956 CVE-2016-1957 CVE-2016-1957 CVE-2016-1958 CVE-2016-1958 CVE-2016-1959 CVE-2016-1959 CVE-2016-1960 CVE-2016-1960 CVE-2016-1961 CVE-2016-1961 CVE-2016-1962 CVE-2016-1962 CVE-2016-1963 CVE-2016-1963 CVE-2016-1964 CVE-2016-1964 CVE-2016-1965 CVE-2016-1965 CVE-2016-1966 CVE-2016-1966 CVE-2016-1967 CVE-2016-1967 CVE-2016-1968 CVE-2016-1968 CVE-2016-1969 CVE-2016-1969 CVE-2016-1970 CVE-2016-1970 CVE-2016-1971 CVE-2016-1971 CVE-2016-1972 CVE-2016-1972 CVE-2016-1973 CVE-2016-1973 CVE-2016-1974 CVE-2016-1974 CVE-2016-1975 CVE-2016-1975 CVE-2016-1976 CVE-2016-1976 CVE-2016-1977 CVE-2016-1977 CVE-2016-1978 CVE-2016-1978 CVE-2016-1979 CVE-2016-1979 CVE-2016-2790 CVE-2016-2790 CVE-2016-2791 CVE-2016-2791 CVE-2016-2792 CVE-2016-2792 CVE-2016-2793 CVE-2016-2793 CVE-2016-2794 CVE-2016-2794 CVE-2016-2795 CVE-2016-2795 CVE-2016-2796 CVE-2016-2796 CVE-2016-2797 CVE-2016-2797 CVE-2016-2798 CVE-2016-2798 CVE-2016-2799 CVE-2016-2799 CVE-2016-2800 CVE-2016-2800 CVE-2016-2801 CVE-2016-2801 CVE-2016-2802 CVE-2016-2802 BlueKnight b-man