Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 13 Nov 2025 18:12:31 GMT
From:      Fernando =?utf-8?Q?Apestegu=C3=ADa?= <fernape@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: dcb1b3e74e7b - main - security/vuxml: Mozilla multiple vulnerabilities
Message-ID:  <202511131812.5ADICVYW057868@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch main has been updated by fernape:

URL: https://cgit.FreeBSD.org/ports/commit/?id=dcb1b3e74e7b692e0dd9eb3e53681afc95c6845b

commit dcb1b3e74e7b692e0dd9eb3e53681afc95c6845b
Author:     Fernando ApesteguĂ­a <fernape@FreeBSD.org>
AuthorDate: 2025-11-13 18:05:16 +0000
Commit:     Fernando ApesteguĂ­a <fernape@FreeBSD.org>
CommitDate: 2025-11-13 18:12:16 +0000

    security/vuxml: Mozilla multiple vulnerabilities
    
     * CVE-2025-13012 - 7.5
     * CVE-2025-13013 - 6.1
     * CVE-2025-13014 - 6.1
     * CVE-2025-13015 - 3.4
     * CVE-2025-13016 - 7.5
     * CVE-2025-13017 - 6.1
     * CVE-2025-13018 - 6.1
     * CVE-2025-13019 - 6.1
     * CVE-2025-13020 - 6.1
     * CVE-2025-13021 - 7.5
     * CVE-2025-13022 - 7.5
     * CVE-2025-13023 - 7.5
     * CVE-2025-13024 - 7.5
     * CVE-2025-13025 - 7.5
     * CVE-2025-13026 - 7.5
     * CVE-2025-13027 - 7.5
---
 security/vuxml/vuln/2025.xml | 139 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 139 insertions(+)

diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 9e7a56ca2a37..d617289e320b 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,142 @@
+  <vuln vid="bff06006-c0b7-11f0-ab42-b42e991fc52e">
+    <topic>Mozilla -- Memory safety bugs</topic>
+    <affects>
+    <package>
+	<name>firefox</name>
+	<range><lt>145.0.0,2</lt></range>
+    </package>
+    <package>
+	<name>thunderbird</name>
+	<range><lt>145.0.0</lt></range>
+    </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://bugzilla.mozilla.org/buglist.cgi?bug_id=1987237%2C1990079%2C1991715%2C1994994 reports:</p>
+	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1987237%2C1990079%2C1991715%2C1994994">;
+	  <p>Memory safety bugs. Some of these bugs showed evidence of
+	  memory corruption and we presume that with enough effort
+	  some of these could have been exploited to run arbitrary
+	  code. </p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-13027</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13027</url>;
+    </references>
+    <dates>
+      <discovery>2025-11-11</discovery>
+      <entry>2025-11-13</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a2a815c8-c0b7-11f0-ab42-b42e991fc52e">
+    <topic>Firefox -- Multiple vulnerabilities</topic>
+    <affects>
+    <package>
+	<name>firefox</name>
+	<range><lt>145.0.0,2</lt></range>
+    </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://bugzilla.mozilla.org/show_bug.cgi?id=1994441 reports:</p>
+	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1994441">;
+	  <ul>
+	  <li>Sandbox escape due to incorrect boundary conditions in
+	    the Graphics: WebGPU component.</li>
+	  <li>Incorrect boundary conditions in the Graphics: WebGPU
+	    component.</li>
+	  <li>JIT miscompilation in the JavaScript Engine: JIT component.</li>
+	  <li>Sandbox escape due to incorrect boundary conditions in
+	    the Graphics: WebGPU component.</li>
+	  <li>Incorrect boundary conditions in the Graphics: WebGPU
+	    component.</li>
+	  <li>Incorrect boundary conditions in the Graphics: WebGPU
+	    component.</li>
+	  </ul>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-13026</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13026</url>;
+      <cvename>CVE-2025-13025</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13025</url>;
+      <cvename>CVE-2025-13024</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13024</url>;
+      <cvename>CVE-2025-13023</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13023</url>;
+      <cvename>CVE-2025-13022</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13022</url>;
+      <cvename>CVE-2025-13021</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13021</url>;
+    </references>
+    <dates>
+      <discovery>2025-11-11</discovery>
+      <entry>2025-11-13</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="c894635c-c0b6-11f0-ab42-b42e991fc52e">
+    <topic>firefox -- Use-after-free</topic>
+    <affects>
+    <package>
+	<name>firefox</name>
+	<range><lt>145.0.0,2</lt></range>
+    </package>
+    <package>
+	<name>firefox-esr</name>
+	<range><lt>140.5</lt></range>
+    </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://bugzilla.mozilla.org/show_bug.cgi?id=1995686 reports:</p>
+	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1995686">;
+	  <ul>
+	  <li>Use-after-free in the WebRTC: Audio/Video component.</li>
+	  <li>Same-origin policy bypass in the DOM: Workers component.</li>
+	  <li>Mitigation bypass in the DOM: Security component.</li>
+	  <li>Same-origin policy bypass in the DOM: Notifications
+	    component.</li>
+	  <li>Incorrect boundary conditions in the JavaScript:
+	    WebAssembly component.</li>
+	  <li>Spoofing issue in Firefox.</li>
+	  <li>Use-after-free in the Audio/Video component.</li>
+	  <li>Mitigation bypass in the DOM: Core and HTML component.</li>
+	  <li>Race condition in the Graphics component.</li>
+	</ul>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-13020</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13020</url>;
+      <cvename>CVE-2025-13019</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13019</url>;
+      <cvename>CVE-2025-13018</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13018</url>;
+      <cvename>CVE-2025-13017</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13017</url>;
+      <cvename>CVE-2025-13016</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13016</url>;
+      <cvename>CVE-2025-13015</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13015</url>;
+      <cvename>CVE-2025-13014</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13014</url>;
+      <cvename>CVE-2025-13013</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13013</url>;
+      <cvename>CVE-2025-13012</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13012</url>;
+    </references>
+    <dates>
+      <discovery>2025-11-11</discovery>
+      <entry>2025-11-13</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="5a1d6309-c04a-11f0-85d8-2cf05da270f3">
     <topic>Gitlab -- vulnerabilities</topic>
     <affects>
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202511131812.5ADICVYW057868>