GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Mar 10, 2019 9:26 pm Post subject: [ GLSA 201903-04 ] Mozilla Firefox |
|
|
Gentoo Linux Security Advisory
Title: Mozilla Firefox: Multiple vulnerabilities (GLSA 201903-04)
Severity: normal
Exploitable: remote
Date: 2019-03-10
Bug(s): #672956, #676892, #677856
ID: 201903-04
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox, the
worst of which may allow execution of arbitrary code.
Background
Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.
Affected Packages
Package: www-client/firefox
Vulnerable: < 60.5.1
Unaffected: >= 60.5.1
Architectures: All supported architectures
Package: www-client/firefox-bin
Vulnerable: < 60.5.1
Unaffected: >= 60.5.1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to view a specially crafted web
page possibly resulting in the execution of arbitrary code with the
privileges of the process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla FireFox users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-60.5.1"
| All Mozilla FireFox bin users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.5.1"
|
References
CVE-2018-12405
CVE-2018-18356
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
CVE-2018-18500
CVE-2018-18501
CVE-2018-18505
CVE-2019-5785 |
|