Date: Thu, 29 Aug 2024 22:42:04 +0200 (CEST)
From: Ronald Klop <ronald-lists@klop.ws>
To: Fernando Apesteguía <fernape@FreeBSD.org>
Cc: ports-committers@FreeBSD.org, dev-commits-ports-main@FreeBSD.org, dev-commits-ports-all@FreeBSD.org
Subject: Re: git: 4453cf7eef05 - main - security/vuxml: Record firefox multiple vulnerabilites
Message-ID: <1673063164.6537.1724964124887@localhost>
In-Reply-To: <202408291747.47THltnT050010@gitrepo.freebsd.org>
References: <202408291747.47THltnT050010@gitrepo.freebsd.org>
Hi,

When I read the CVE documents they mention that these are about Firefox for iOS.
The advisory page of Mozilla also talks about Firefox for iOS.
https://www.mozilla.org/en-US/security/advisories/mfsa2024-36/

So I doubt that this is applicable to the FreeBSD package. But you might know things I don't know.

Regards,
Ronald.

From: "Fernando Apesteguía" <fernape@FreeBSD.org>
Date: Thursday, 29 August 2024 19:47
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 4453cf7eef05 - main - security/vuxml: Record firefox multiple vulnerabilites
>
> The branch main has been updated by fernape:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=4453cf7eef05f9ac2b27bda7a87afb7da713f1c4
>
> commit 4453cf7eef05f9ac2b27bda7a87afb7da713f1c4
> Author:     Fernando Apesteguía <fernape@FreeBSD.org>
> AuthorDate: 2024-08-29 17:43:33 +0000
> Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
> CommitDate: 2024-08-29 17:47:42 +0000
>
>     security/vuxml: Record firefox multiple vulnerabilites
>
>     CVE-2024-43111
>      * Base Score: 6.1 MEDIUM
>      * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
>
>     CVE-2024-43112
>      * Base Score: 6.1 MEDIUM
>      * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
>
>     CVE-2024-43113
>      * Base Score: 6.1 MEDIUM
>      * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
> ---
>  security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++++++
>  1 file changed, 39 insertions(+)
>
> diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
> index 7dd64a18968f..e9606c88bfca 100644
> --- a/security/vuxml/vuln/2024.xml
> +++ b/security/vuxml/vuln/2024.xml
> @@ -1,3 +1,42 @@ > + <vuln vid=3D"44de1b82-662d-11ef-a51b-b42e991fc52e"> > + <topic>firefox -- multiple vulnerabilities</topic> > + <affects> > + <package> > + <name>firefox</name> > + <range><lt>129</lt></range> > + </package> > + </affects> > + <description> > + <bodyhttp://www.w3.org/1999/xhtml">http://www.w3.org/1999/xhtml"> > + <p>security@mozilla.org reports:</p> > + <blockquote cite=3D"https://bugzilla.mozilla.org/show_bug.cgi?id=3D18= 74964"> > + <p>This update includes 3 CVEs:</p> > + <ul> > + <li>The contextual menu for links could provide an > + opportunity for cross-site scripting attacks.</li> > + <li>Long pressing on a download link could potentially > + provide a means for cross-site scripting.</li> > + <li>Long pressing on a download link could potentially > + allow Javascript commands to be executed within the > + browser.</li> > + </ul> > + </blockquote> > + </body> > + </description> > + <references> > + <cvename>CVE-2024-43113</cvename> > + <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43113</url> > + <cvename>CVE-2024-43112</cvename> > + <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43112</url> > + <cvename>CVE-2024-43111</cvename> > + <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43111</url> > + </references> > + <dates> > + <discovery>2024-08-06</discovery> > + <entry>2024-08-29</entry> > + </dates> > + </vuln> > + > <vuln vid=3D"6f2545bb-65e8-11ef-8a0f-a8a1599412c6"> > <topic>chromium -- multiple security fixes</topic> > <affects>
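Review bot: the `<affects>` block names the package `firefox` with `<range><lt>129</lt></range>`, but two of the three quoted `<li>` items describe long-pressing a download link, and the reply in this thread points out that the CVE documents and Mozilla's advisory (mfsa2024-36) are about Firefox for iOS. Confirm the affected product against the advisory before this entry is used to flag the FreeBSD `firefox` package; if the issues are iOS-only, the entry should be withdrawn rather than kept under that package name. It would also help to add the Mozilla advisory URL to `<references>` next to the three NVD links, so the platform scope can be checked from the entry itself.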