https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-148/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-140/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-135/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-141/ Reproducible: Always
Started going through the SAs, but out of time and found an exploitable crash possibility so sufficient for classification at this point, the list of CVEs is not complete at this point SA Severity Desc / CVE 2015-135 High Simple var assignments can trigger "can't convert undefined to object" exception (CVE-2015-7204). This crash was caused by a change to the JavaScript engine was first shipped in Firefox 41. Earlier versions of Firefox are unaffected by this problem, including Firefox ESR 38. 2015-136 High performance.getEntries() shows x-domain URLs after a redirect when loading from cache (CVE-2015-7207) Cached redirects + History traversal reveal cross-origin URLs 2015-137 Moderate allowing vertical tab in cookies leads to cookie injection on some servers (CVE-2015-7208) 2015-139 High Memset crash in mozilla::layers ::BufferTextureClient::AllocateForSurface (CVE-2015-7212) 2015-141 Low Partial URL spoofing using the data URI scheme (CVE-2015-7211) 2015-142 Low Firefox HTTP2 Malformed Header Frame DoS (CVE-2015-7218) Firefox HTTP2 Malformed PushPromise Underflow DoS (CVE-2015-7219) 2015-143 Moderate Firefox in Linux is using Jasper which is unmaintained and vulnerable (CVE-2015-7216) Heap overflow and DoS with TGA files in gdk-pixbuf affecting Firefox (CVE-2015-7217) This issue only affects Linux systems running Gnome. Windows, OS X, and Android operating systems are unaffected. 2015-144 Moderate Buffer overflow on OOM in DirectWriteFontInfo::LoadFontFamilyData (CVE-2015-7203) Overflow in XDRBuffer::grow can cause memory-safety bug (CVE-2015-7220) Overflow in nsDeque::GrowCapacity can cause memory-safety bug (CVE-2015-7221)
*** Bug 568408 has been marked as a duplicate of this bug. ***
firefox{,-bin}-{38.5.0,43.0} are now in the Gentoo repo. Thunderbird packages are still days out, and I don't know what the status is on seamonkey. Should we go ahead with stabilization now or wait a day or two for the other packages to join the bug?
Thunderbird packages have been added to the gentoo repo. Arches, please stabilize: =www-client/firefox-38.5.0 Stable KEYWORDS="amd64 hppa ppc ppc64 x86" =www-client/firefox-bin-38.5.0 Stable KEYWORDS="amd64 x86" =mail-client/thunderbird-38.5.0 Stable KEYWORDS="amd64 ppc ppc64 x86" =mail-client/thunderbird-bin-38.5.0 Stable KEYWORDS="amd64 x86"
amd64 stable
x86 stable
Stable for PPC64.
Stable for HPPA.
ppc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Bug #570168 prevents building thunderbird on hardened systems and thus makes updating to fix the issues impossible.
Arches, Thank you for your work. Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s).
This issue was resolved and addressed in GLSA 201512-10 at https://security.gentoo.org/glsa/201512-10 by GLSA coordinator Yury German (BlueKnight).
Re-Opening for cleanup. Maintainers, the GLSA has been released please clean up the Vulnerable versions.
Maintainer(s), Thank you for your work.