From nobody Thu Nov 13 18:12:31 2025
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4d6pJw0fQqz6HDn0;
	Thu, 13 Nov 2025 18:12:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4d6pJw04L2z3sNh;
	Thu, 13 Nov 2025 18:12:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1763057552;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=h28PJkCuf6tz+NBXnYbC7IZIz17rqBqIgRR14a/fYvk=;
	b=TVTzNgZDvynzO7faX6d7Xbh3y+siBAUP9RuHDVAJEGSB832vpE1GPMhlrXMHf8LMJEBZJ4
	bf83Jr8jQvZQ21qiYv5bkxoKjbjN9rdAxU8t5uHGDyNu1UMQVFPpxpXPuo+pFa4LFpgATB
	ES/OAQgC2ycoMqW3Uk92r+TQT205+f/aT9yYPbonasHJLgb39nQC+WxnX4DZLpnRakLd8W
	0qACyGVrQG0er9UhaDw3zfRWeArkous6kNEp6cGZnG8WH61Knh6ZQo6qML35xpET+VW9qv
	oJL09ZErveEAdgFybkmz2IbE8YiVRem9mi2WT2izFrDnUGa41kF6vf6PsFYVRg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1763057552;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=h28PJkCuf6tz+NBXnYbC7IZIz17rqBqIgRR14a/fYvk=;
	b=ugfu6pyDVdbZCM/81apuVnerW1FJ5v7UbIuMZuP5sQpudEs3blEkkTfLNANGRHtP1FpmY1
	1og9+9SxPO1/Tceq+/AP+WYY04pwSupOVL78a9NYk+rGybyyT8I7CqcRXRw41wAk3xtmNj
	3kPFqUFXXQOkdL1C0mccg9hsmhk40bmo34pLjKtXu3VWO0KRVki1ELEBBSpa2zUkjQ2VZJ
	yR6npbAMFksXjdtpoBoGmEgtsACXNRLWZJul7HMxN5u1VbQnkKelTtv7/nGUG3wsIR96zt
	TUBpFVF+M40VXTGhX4psxlXwKl+u2HAdCu74NHpsw6Sl9oNZDkJ3GJ5lGFif7Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1763057552; a=rsa-sha256; cv=none;
	b=EixHhigG29rwfxJ08VIB+Izmx60xzLQTWeD9KBpfwbIOwE8ROvQZzESgwMH6jp9KVrSpeD
	NqVaUTf72YrTSSi2qMh6+VURPI7hhWx0nPs4OX61lKrSdt8GVc2B/RgOJ2Alsfpw2vAZ/I
	QfIusL3SGn967Scz9jmbp8ia8GKdrwlJWLsCUl3THvFCXOVnsC7Am4yRuBy0HmvCCrMHXj
	T0SqRDWdWbPh0yWJ9CjqGfiacVTsL8xfxFurv5F86LMxqYr7aJY5CorrB+Fl6fTHQWq1QZ
	GrIFy152oq13kRBsg8XJmwlVYnEdt1R112ssaRctapz64UT8gIO+1qQEIWaBLQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4d6pJv6gthzXXL;
	Thu, 13 Nov 2025 18:12:31 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5ADICVRv057871;
	Thu, 13 Nov 2025 18:12:31 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5ADICVYW057868;
	Thu, 13 Nov 2025 18:12:31 GMT
	(envelope-from git)
Date: Thu, 13 Nov 2025 18:12:31 GMT
Message-Id: <202511131812.5ADICVYW057868@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Fernando =?utf-8?Q?Apestegu=C3=ADa?= <fernape@FreeBSD.org>
Subject: git: dcb1b3e74e7b - main - security/vuxml: Mozilla multiple
  vulnerabilities
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-main@freebsd.org
Sender: owner-dev-commits-ports-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: fernape
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: dcb1b3e74e7b692e0dd9eb3e53681afc95c6845b
Auto-Submitted: auto-generated

The branch main has been updated by fernape:

URL: https://cgit.FreeBSD.org/ports/commit/?id=dcb1b3e74e7b692e0dd9eb3e53681afc95c6845b

commit dcb1b3e74e7b692e0dd9eb3e53681afc95c6845b
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2025-11-13 18:05:16 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2025-11-13 18:12:16 +0000

    security/vuxml: Mozilla multiple vulnerabilities
    
     * CVE-2025-13012 - 7.5
     * CVE-2025-13013 - 6.1
     * CVE-2025-13014 - 6.1
     * CVE-2025-13015 - 3.4
     * CVE-2025-13016 - 7.5
     * CVE-2025-13017 - 6.1
     * CVE-2025-13018 - 6.1
     * CVE-2025-13019 - 6.1
     * CVE-2025-13020 - 6.1
     * CVE-2025-13021 - 7.5
     * CVE-2025-13022 - 7.5
     * CVE-2025-13023 - 7.5
     * CVE-2025-13024 - 7.5
     * CVE-2025-13025 - 7.5
     * CVE-2025-13026 - 7.5
     * CVE-2025-13027 - 7.5
---
 security/vuxml/vuln/2025.xml | 139 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 139 insertions(+)

diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 9e7a56ca2a37..d617289e320b 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,142 @@
+  <vuln vid="bff06006-c0b7-11f0-ab42-b42e991fc52e">
+    <topic>Mozilla -- Memory safety bugs</topic>
+    <affects>
+    <package>
+	<name>firefox</name>
+	<range><lt>145.0.0,2</lt></range>
+    </package>
+    <package>
+	<name>thunderbird</name>
+	<range><lt>145.0.0</lt></range>
+    </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>https://bugzilla.mozilla.org/buglist.cgi?bug_id=1987237%2C1990079%2C1991715%2C1994994 reports:</p>
+	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1987237%2C1990079%2C1991715%2C1994994">
+	  <p>Memory safety bugs. Some of these bugs showed evidence of
+	  memory corruption and we presume that with enough effort
+	  some of these could have been exploited to run arbitrary
+	  code. </p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-13027</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13027</url>
+    </references>
+    <dates>
+      <discovery>2025-11-11</discovery>
+      <entry>2025-11-13</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a2a815c8-c0b7-11f0-ab42-b42e991fc52e">
+    <topic>Firefox -- Multiple vulnerabilities</topic>
+    <affects>
+    <package>
+	<name>firefox</name>
+	<range><lt>145.0.0,2</lt></range>
+    </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>https://bugzilla.mozilla.org/show_bug.cgi?id=1994441 reports:</p>
+	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1994441">
+	  <ul>
+	  <li>Sandbox escape due to incorrect boundary conditions in
+	    the Graphics: WebGPU component.</li>
+	  <li>Incorrect boundary conditions in the Graphics: WebGPU
+	    component.</li>
+	  <li>JIT miscompilation in the JavaScript Engine: JIT component.</li>
+	  <li>Sandbox escape due to incorrect boundary conditions in
+	    the Graphics: WebGPU component.</li>
+	  <li>Incorrect boundary conditions in the Graphics: WebGPU
+	    component.</li>
+	  <li>Incorrect boundary conditions in the Graphics: WebGPU
+	    component.</li>
+	  </ul>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-13026</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13026</url>
+      <cvename>CVE-2025-13025</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13025</url>
+      <cvename>CVE-2025-13024</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13024</url>
+      <cvename>CVE-2025-13023</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13023</url>
+      <cvename>CVE-2025-13022</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13022</url>
+      <cvename>CVE-2025-13021</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13021</url>
+    </references>
+    <dates>
+      <discovery>2025-11-11</discovery>
+      <entry>2025-11-13</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="c894635c-c0b6-11f0-ab42-b42e991fc52e">
+    <topic>firefox -- Use-after-free</topic>
+    <affects>
+    <package>
+	<name>firefox</name>
+	<range><lt>145.0.0,2</lt></range>
+    </package>
+    <package>
+	<name>firefox-esr</name>
+	<range><lt>140.5</lt></range>
+    </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>https://bugzilla.mozilla.org/show_bug.cgi?id=1995686 reports:</p>
+	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1995686">
+	  <ul>
+	  <li>Use-after-free in the WebRTC: Audio/Video component.</li>
+	  <li>Same-origin policy bypass in the DOM: Workers component.</li>
+	  <li>Mitigation bypass in the DOM: Security component.</li>
+	  <li>Same-origin policy bypass in the DOM: Notifications
+	    component.</li>
+	  <li>Incorrect boundary conditions in the JavaScript:
+	    WebAssembly component.</li>
+	  <li>Spoofing issue in Firefox.</li>
+	  <li>Use-after-free in the Audio/Video component.</li>
+	  <li>Mitigation bypass in the DOM: Core and HTML component.</li>
+	  <li>Race condition in the Graphics component.</li>
+	</ul>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-13020</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13020</url>
+      <cvename>CVE-2025-13019</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13019</url>
+      <cvename>CVE-2025-13018</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13018</url>
+      <cvename>CVE-2025-13017</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13017</url>
+      <cvename>CVE-2025-13016</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13016</url>
+      <cvename>CVE-2025-13015</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13015</url>
+      <cvename>CVE-2025-13014</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13014</url>
+      <cvename>CVE-2025-13013</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13013</url>
+      <cvename>CVE-2025-13012</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2025-13012</url>
+    </references>
+    <dates>
+      <discovery>2025-11-11</discovery>
+      <entry>2025-11-13</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="5a1d6309-c04a-11f0-85d8-2cf05da270f3">
     <topic>Gitlab -- vulnerabilities</topic>
     <affects>