Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 30 Oct 2013 20:59:23 +0000 (UTC)
From:      Florian Smeets <flo@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r332173 - head/security/vuxml
Message-ID:  <201310302059.r9UKxN9S044070@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: flo
Date: Wed Oct 30 20:59:22 2013
New Revision: 332173
URL: http://svnweb.freebsd.org/changeset/ports/332173

Log:
  Add an entry for the recent mozilla vulnerabilities

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Oct 30 20:56:33 2013	(r332172)
+++ head/security/vuxml/vuln.xml	Wed Oct 30 20:59:22 2013	(r332173)
@@ -51,6 +51,89 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="81f866ad-41a4-11e3-a4af-0025905a4771">
+    <topic>mozilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>firefox</name>
+	<range><lt>24.1.0,1</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>25.0,1</lt></range>
+      </package>
+      <package>
+	<name>linux-seamonkey</name>
+	<range><lt>2.22</lt></range>
+      </package>
+      <package>
+	<name>linux-thunderbird</name>
+	<range><lt>24.1.0</lt></range>
+      </package>
+      <package>
+	<name>seamonkey</name>
+	<range><lt>2.22</lt></range>
+      </package>
+      <package>
+	<name>thunderbird</name>
+	<range><lt>25.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The Mozilla Project reports:</p>
+	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">;
+	  <p> MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 /
+	    rv:24.1 / rv:17.0.10)</p>
+	  <p> MFSA 2013-94 Spoofing addressbar though SELECT element</p>
+	  <p> MFSA 2013-95 Access violation with XSLT and uninitialized data</p>
+	  <p> MFSA 2013-96 Improperly initialized memory and overflows in some
+	    JavaScript functions</p>
+	  <p> MFSA 2013-97 Writing to cycle collected object during image
+	    decoding</p>
+	  <p> MFSA 2013-98 Use-after-free when updating offline cache</p>
+	  <p> MFSA 2013-99 Security bypass of PDF.js checks using iframes</p>
+	  <p> MFSA 2013-100 Miscellaneous use-after-free issues found through
+	    ASAN fuzzing</p>
+	  <p> MFSA 2013-101 Memory corruption in workers</p>
+	  <p> MFSA 2013-102 Use-after-free in HTML document templates</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+	<cvename>CVE-2013-1739</cvename>
+	<cvename>CVE-2013-5590</cvename>
+	<cvename>CVE-2013-5591</cvename>
+	<cvename>CVE-2013-5592</cvename>
+	<cvename>CVE-2013-5593</cvename>
+	<cvename>CVE-2013-5595</cvename>
+	<cvename>CVE-2013-5596</cvename>
+	<cvename>CVE-2013-5597</cvename>
+	<cvename>CVE-2013-5598</cvename>
+	<cvename>CVE-2013-5599</cvename>
+	<cvename>CVE-2013-5600</cvename>
+	<cvename>CVE-2013-5601</cvename>
+	<cvename>CVE-2013-5602</cvename>
+	<cvename>CVE-2013-5603</cvename>
+	<cvename>CVE-2013-5604</cvename>
+	<url>https://www.mozilla.org/security/announce/2013/mfsa2013-93.html</url>;
+	<url>https://www.mozilla.org/security/announce/2013/mfsa2013-94.html</url>;
+	<url>https://www.mozilla.org/security/announce/2013/mfsa2013-95.html</url>;
+	<url>https://www.mozilla.org/security/announce/2013/mfsa2013-96.html</url>;
+	<url>https://www.mozilla.org/security/announce/2013/mfsa2013-97.html</url>;
+	<url>https://www.mozilla.org/security/announce/2013/mfsa2013-98.html</url>;
+	<url>https://www.mozilla.org/security/announce/2013/mfsa2013-99.html</url>;
+	<url>https://www.mozilla.org/security/announce/2013/mfsa2013-100.html</url>;
+	<url>https://www.mozilla.org/security/announce/2013/mfsa2013-101.html</url>;
+	<url>https://www.mozilla.org/security/announce/2013/mfsa2013-102.html</url>;
+	<url>http://www.mozilla.org/security/known-vulnerabilities/</url>;
+    </references>
+    <dates>
+      <discovery>2013-10-29</discovery>
+      <entry>2013-10-30</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="4e23644c-cb93-4f83-9e20-5bc07ad9b39f">
     <topic>mod_pagespeed -- critical cross-site scripting (XSS) vulnerability</topic>
     <affects>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201310302059.r9UKxN9S044070>