Date: Thu, 26 Mar 2026 19:18:57 +0000 From: Fernando Apeste=?utf-8?Q?gu=C3=ADa?= <fernape@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 62f0a081738b - main - security/vuxml: Add Mozilla vulnerabilities Message-ID: <69c586a1.1a3e0.36af47ad@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=62f0a081738b3e2d8d551bd87526567c8de55704 commit 62f0a081738b3e2d8d551bd87526567c8de55704 Author: Fernando ApesteguĂa <fernape@FreeBSD.org> AuthorDate: 2026-03-26 19:15:41 +0000 Commit: Fernando ApesteguĂa <fernape@FreeBSD.org> CommitDate: 2026-03-26 19:18:38 +0000 security/vuxml: Add Mozilla vulnerabilities --- security/vuxml/vuln/2026.xml | 215 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 191 insertions(+), 24 deletions(-) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 89d4594f362f..56d3211142d9 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,38 +1,205 @@ - <vuln vid="c6d41ac8-28d2-11f1-b35e-bc241121aa0a"> - <topic>FreeBSD -- pf silently ignores certain rules</topic> + <vuln vid="26c24872-2943-11f1-8461-b42e991fc52e"> + <topic>Mozilla -- Multiple vulnerabilities</topic> <affects> <package> - <name>FreeBSD-kernel</name> - <range><ge>15.0</ge><lt>15.0_5</lt></range> - <range><ge>14.4</ge><lt>14.4_1</lt></range> - <range><ge>14.3</ge><lt>14.3_10</lt></range> + <name>firefox</name> + <range><lt>149.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>149.0.0</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; - <h1>Problem Description:</h1> - <p>A regression in the way hashes were calculated caused rules - containing the address range syntax (x.x.x.x - y.y.y.y) that only - differ in the address range(s) involved to be silently dropped as - duplicates. Only the first of such rules is actually loaded into - pf. Ranges expressed using the address[/mask-bits] syntax were not - affected.</p> - <p>Some keywords representing actions taken on a packet-matching rule, - such as 'log', 'return tll', or 'dnpipe', may suffer from the same - issue. It is unlikely that users have such configurations, as these - rules would always be redundant. The verification described in - "IV. Workaround" below will find these as well.</p> - <h1>Impact:</h1> - <p>Affected rules are silently ignored, which can lead to unexpected - behaviour including over- and underblocking.</p> + <p>CVE-2026-4729: Memory safety bugs</p> + <p>CVE-2026-4728: Spoofing issue in the Privacy: Anti-Tracking + component.</p> + <p>CVE-2026-4727: Denial-of-service in the Libraries component + in NSS.</p> + <p>CVE-2026-4726: Denial-of-service in the XML component.</p> + <p>CVE-2026-4725: Sandbox escape due to use-after-free in the + Graphics: Canvas2D component.</p> + <p>CVE-2026-4724: Undefined behavior in the Audio/Video + component.</p> + <p>CVE-2026-4723: Use-after-free in the JavaScript Engine + component.</p> + <p>CVE-2026-4722: Privilege escalation in the IPC component.</p> </body> </description> <references> - <cvename>CVE-2026-4748</cvename> - <freebsdsa>SA-26:09.pf</freebsdsa> + <cvename>CVE-2026-4729</cvename> + <cvename>CVE-2026-4728</cvename> + <cvename>CVE-2026-4727</cvename> + <cvename>CVE-2026-4726</cvename> + <cvename>CVE-2026-4725</cvename> + <cvename>CVE-2026-4724</cvename> + <cvename>CVE-2026-4723</cvename> + <cvename>CVE-2026-4722</cvename> </references> <dates> - <discovery>2026-03-25</discovery> + <discovery>2026-03-24</discovery> + <entry>2026-03-26</entry> + </dates> + </vuln> + + <vuln vid="32819a60-2943-11f1-8461-b42e991fc52e"> + <topic>Mozilla -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>149.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.9.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>149.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>CVE-2026-4721: Memory safety bugs. Potential arbitrary code + execution.</p> + <p>CVE-2026-4709: Incorrect boundary conditions in the + Audio/Video: GMP component.</p> + <p>CVE-2026-4707: Incorrect boundary conditions in the Graphics: + Canvas2D component.</p> + <p>CVE-2026-4706: Incorrect boundary conditions in the Graphics: + Canvas2D component.</p> + <p>CVE-2026-4699: Incorrect boundary conditions in the Layout: + Text and Fonts component.</p> + <p>CVE-2026-4698: JIT miscompilation in the JavaScript Engine: + JIT component.</p> + <p>CVE-2026-4696: Use-after-free in the Layout: Text and Fonts + component.</p> + <p>CVE-2026-4694: Incorrect boundary conditions, integer + overflow in the Graphics component.</p> + <p>CVE-2026-4693: Incorrect boundary conditions in the + Audio/Video: Playback component.</p> + <p>CVE-2026-4692: Sandbox escape in the Responsive Design Mode + component.</p> + <p>CVE-2026-4691: Use-after-free in the CSS Parsing and + Computation component.</p> + <p>CVE-2026-4690: Sandbox escape due to integer overflow in the + XPCOM component.</p> + <p>CVE-2026-4689: Sandbox escape due to integer overflow in the + XPCOM component.</p> + <p>CVE-2026-4687: Sandbox escape in the Telemetry component.</p> + <p>CVE-2026-4686: Incorrect boundary conditions in the Graphics: + Canvas2D component.</p> + <p>CVE-2026-4685: Incorrect boundary conditions in the Graphics: + Canvas2D component.</p> + <p>CVE-2026-4684: Race condition, use-after-free in the + Graphics: WebRender component.</p> + </body> + </description> + <references> + <cvename>CVE-2026-4721</cvename> + <cvename>CVE-2026-4709</cvename> + <cvename>CVE-2026-4707</cvename> + <cvename>CVE-2026-4706</cvename> + <cvename>CVE-2026-4699</cvename> + <cvename>CVE-2026-4698</cvename> + <cvename>CVE-2026-4696</cvename> + <cvename>CVE-2026-4694</cvename> + <cvename>CVE-2026-4693</cvename> + <cvename>CVE-2026-4692</cvename> + <cvename>CVE-2026-4691</cvename> + <cvename>CVE-2026-4690</cvename> + <cvename>CVE-2026-4689</cvename> + <cvename>CVE-2026-4687</cvename> + <cvename>CVE-2026-4686</cvename> + <cvename>CVE-2026-4685</cvename> + <cvename>CVE-2026-4684</cvename> + </references> + <dates> + <discovery>2026-03-24</discovery> + <entry>2026-03-26</entry> + </dates> + </vuln> + + <vuln vid="6d445322-2945-11f1-8461-b42e991fc52e"> + <topic>Mozilla -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>149.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>149.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>CVE-2026-4688: Sandbox escape due to use-after-free in + Disability Access APIs.</p> + <p>CVE-2026-4695: Incorrect boundary conditions in the + Audio/Video: Web Codecs component.</p> + <p>CVE-2026-4697: Incorrect boundary conditions in the + Audio/Video: Web Codecs component.</p> + <p>CVE-2026-4700: Mitigation bypass in the Networking: HTTP + component.</p> + <p>CVE-2026-4701: Use-after-free in the JavaScript Engine + component.</p> + <p>CVE-2026-4702: JIT miscompilation in the JavaScript Engine + component.</p> + <p>CVE-2026-4704: Denial-of-service in the WebRTC: Signaling + component.</p> + <p>CVE-2026-4705: Undefined behavior in the WebRTC: Signaling + component.</p> + <p>CVE-2026-4708: Incorrect boundary conditions in the Graphics + component.</p> + <p>CVE-2026-4710: Incorrect boundary conditions in the + Audio/Video component.</p> + <p>CVE-2026-4711: Use-after-free in the Widget: Cocoa + component.</p> + <p>CVE-2026-4712: Information disclosure in the Widget: Cocoa + component.</p> + <p>CVE-2026-4713: Incorrect boundary conditions in the Graphics + component.</p> + <p>CVE-2026-4714: Incorrect boundary conditions in the + Audio/Video component.</p> + <p>CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D + component.</p> + <p>CVE-2026-4716: Incorrect boundary conditions and + uninitialized memory in the JavaScript Engine.</p> + <p>CVE-2026-4717: Privilege escalation in the Netmonitor + component.</p> + <p>CVE-2026-4718: Undefined behavior in the WebRTC: Signaling + component.</p> + <p>CVE-2026-4719: Incorrect boundary conditions in the Graphics: + Text component.</p> + <p>CVE-2026-4720: Memory safety bugs</p> + </body> + </description> + <references> + <cvename>CVE-2026-4688</cvename> + <cvename>CVE-2026-4695</cvename> + <cvename>CVE-2026-4697</cvename> + <cvename>CVE-2026-4700</cvename> + <cvename>CVE-2026-4701</cvename> + <cvename>CVE-2026-4702</cvename> + <cvename>CVE-2026-4704</cvename> + <cvename>CVE-2026-4705</cvename> + <cvename>CVE-2026-4708</cvename> + <cvename>CVE-2026-4710</cvename> + <cvename>CVE-2026-4711</cvename> + <cvename>CVE-2026-4712</cvename> + <cvename>CVE-2026-4713</cvename> + <cvename>CVE-2026-4714</cvename> + <cvename>CVE-2026-4715</cvename> + <cvename>CVE-2026-4716</cvename> + <cvename>CVE-2026-4717</cvename> + <cvename>CVE-2026-4718</cvename> + <cvename>CVE-2026-4719</cvename> + <cvename>CVE-2026-4720</cvename> + </references> + <dates> + <discovery>2026-03-24</discovery> <entry>2026-03-26</entry> </dates> </vuln>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69c586a1.1a3e0.36af47ad>