Date: Tue, 7 Mar 2017 18:13:23 +0000 (UTC)
From: Jan Beich <jbeich@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r435627 - head/security/vuxml
Message-ID: <201703071813.v27IDNR7086746@repo.freebsd.org>
Author: jbeich
Date: Tue Mar 7 18:13:23 2017
New Revision: 435627
URL: https://svnweb.freebsd.org/changeset/ports/435627

Log:
  security/vuxml: mark firefox < 52 as vulnerable

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Mar 7 18:01:14 2017 (r435626)
+++ head/security/vuxml/vuln.xml Tue Mar 7 18:13:23 2017 (r435627)
@@ -58,6 +58,113 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="96eca031-1313-4daf-9be2-9d6e1c4f1eb5"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>52.0_1,1</lt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>2.49</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><ge>46.0,1</ge><lt>52.0,1</lt></range> + <range><lt>45.8.0_1,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><ge>46.0,2</ge><lt>52.0,2</lt></range> + <range><lt>45.8.0_1,2</lt></range> + </package> + <package> + <name>libxul</name> + <range><ge>46.0</ge><lt>52.0</lt></range> + <range><lt>45.8.0_1</lt></range> + </package> + <package> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <range><ge>46.0</ge><lt>52.0</lt></range> + <range><lt>45.8.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Foundation reports:</p> + <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/"> + <p>CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP</p> + <p>CVE-2017-5401: Memory Corruption when handling ErrorResult</p> + <p>CVE-2017-5402: Use-after-free working with events in FontFace objects</p> + <p>CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object</p> + <p>CVE-2017-5404: Use-after-free working with ranges in selections</p> + <p>CVE-2017-5406: Segmentation fault in Skia with canvas operations</p> + <p>CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters</p> + <p>CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping</p> + <p>CVE-2017-5411: Use-after-free in Buffer Storage in libGLES</p> + <p>CVE-2017-5409: File deletion via callback 
parameter in Mozilla Windows Updater and Maintenance Service</p> + <p>CVE-2017-5408: Cross-origin reading of video captions in violation of CORS</p> + <p>CVE-2017-5412: Buffer overflow read in SVG filters</p> + <p>CVE-2017-5413: Segmentation fault during bidirectional operations</p> + <p>CVE-2017-5414: File picker can choose incorrect default directory</p> + <p>CVE-2017-5415: Addressbar spoofing through blob URL</p> + <p>CVE-2017-5416: Null dereference crash in HttpChannel</p> + <p>CVE-2017-5417: Addressbar spoofing by draging and dropping URLs</p> + <p>CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access</p> + <p>CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running</p> + <p>CVE-2017-5427: Non-existent chrome.manifest file loaded during startup</p> + <p>CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses</p> + <p>CVE-2017-5419: Repeated authentication prompts lead to DOS attack</p> + <p>CVE-2017-5420: Javascript: URLs can obfuscate addressbar location</p> + <p>CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports</p> + <p>CVE-2017-5421: Print preview spoofing</p> + <p>CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink</p> + <p>CVE-2017-5399: Memory safety bugs fixed in Firefox 52</p> + <p>CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-5400</cvename> + <cvename>CVE-2017-5401</cvename> + <cvename>CVE-2017-5402</cvename> + <cvename>CVE-2017-5403</cvename> + <cvename>CVE-2017-5404</cvename> + <cvename>CVE-2017-5406</cvename> + <cvename>CVE-2017-5407</cvename> + <cvename>CVE-2017-5410</cvename> + <cvename>CVE-2017-5411</cvename> + <cvename>CVE-2017-5409</cvename> + <cvename>CVE-2017-5408</cvename> + <cvename>CVE-2017-5412</cvename> + <cvename>CVE-2017-5413</cvename> + <cvename>CVE-2017-5414</cvename> + 
<cvename>CVE-2017-5415</cvename> + <cvename>CVE-2017-5416</cvename> + <cvename>CVE-2017-5417</cvename> + <cvename>CVE-2017-5425</cvename> + <cvename>CVE-2017-5426</cvename> + <cvename>CVE-2017-5427</cvename> + <cvename>CVE-2017-5418</cvename> + <cvename>CVE-2017-5419</cvename> + <cvename>CVE-2017-5420</cvename> + <cvename>CVE-2017-5405</cvename> + <cvename>CVE-2017-5421</cvename> + <cvename>CVE-2017-5422</cvename> + <cvename>CVE-2017-5399</cvename> + <cvename>CVE-2017-5398</cvename> + <url>https://www.mozilla.org/security/advisories/mfsa2017-05/</url> + <url>https://www.mozilla.org/security/advisories/mfsa2017-06/</url> + </references> + <dates> + <discovery>2017-03-07</discovery> + <entry>2017-03-07</entry> + </dates> + </vuln> + <vuln vid="71ebbc50-01c1-11e7-ae1b-002590263bf5"> <topic>codeigniter -- multiple vulnerabilities</topic> <affects>
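Review bot: In the `<affects>` block the ESR-branch upper bounds disagree: firefox-esr, linux-firefox and libxul are closed at `45.8.0_1` (with their epochs), while thunderbird/linux-thunderbird is closed at plain `<lt>45.8.0</lt>`. If the thunderbird ports really carry the fix at 45.8.0 with no PORTREVISION bump this is fine, but it deserves a check against the port Makefiles, since a bound that is one revision too low leaves a still-vulnerable package unflagged. Two smaller points: the log message names only firefox although the entry also covers seamonkey, firefox-esr, linux-firefox, libxul and thunderbird, and the `<blockquote cite>` uses the `/en-US/` form of the mfsa2017-05 URL and quotes only that advisory, while `<references>` lists both mfsa2017-05 and mfsa2017-06 without the locale segment. Using one URL form and stating which advisory the ESR 45.8 ranges come from would make the entry easier to audit.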