New Mozilla Firefox and Mozilla Suite releases fix new security vulnerabilities, including memory disclosure and various ways of executing JavaScript code with elevated privileges.
Package | www-client/mozilla-firefox on all architectures |
---|---|
Affected versions | < 1.0.3 |
Unaffected versions | >= 1.0.3 |
Package | www-client/mozilla-firefox-bin on all architectures |
---|---|
Affected versions | < 1.0.3 |
Unaffected versions | >= 1.0.3 |
Package | www-client/mozilla on all architectures |
---|---|
Affected versions | < 1.7.7 |
Unaffected versions | >= 1.7.7 |
Package | www-client/mozilla-bin on all architectures |
---|---|
Affected versions | < 1.7.7 |
Unaffected versions | >= 1.7.7 |
The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project.
The following vulnerabilities were found and fixed in the Mozilla Suite and Mozilla Firefox:
The following Firefox-specific vulnerabilities have also been discovered:
The various JavaScript execution with elevated privileges issues can be exploited by a remote attacker to install malicious code or steal data. The memory disclosure issue can be used to reveal potentially sensitive information. Finally, the cache pollution issue and search plugin abuse can be leveraged in cross-site-scripting attacks.
There is no known workaround at this time.
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.3"
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.3"
All Mozilla Suite users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.7"
All Mozilla Suite binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.7"