Date: Wed, 29 Apr 2026 15:02:22 +0000 From: Fernando Apeste=?utf-8?Q?gu=C3=ADa?= <fernape@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 32bc1f34625a - main - security/vuxml: Add Mozilla vulnerabilities Message-ID: <69f21d7e.3ddc5.3a0505f6@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=32bc1f34625a622e8fce34da4e94ac8ed30e5dda commit 32bc1f34625a622e8fce34da4e94ac8ed30e5dda Author: Fernando ApesteguĂa <fernape@FreeBSD.org> AuthorDate: 2026-04-28 14:56:18 +0000 Commit: Fernando ApesteguĂa <fernape@FreeBSD.org> CommitDate: 2026-04-29 15:01:56 +0000 security/vuxml: Add Mozilla vulnerabilities * CVE-2026-6786 * CVE-2026-6785 * CVE-2026-6784 * CVE-2026-6783 * CVE-2026-6782 * CVE-2026-6781 * CVE-2026-6780 * CVE-2026-6779 * CVE-2026-6778 * CVE-2026-6777 * CVE-2026-6776 * CVE-2026-6775 * CVE-2026-6774 * CVE-2026-6773 * CVE-2026-6772 * CVE-2026-6771 * CVE-2026-6770 * CVE-2026-6769 * CVE-2026-6768 * CVE-2026-6767 * CVE-2026-6766 * CVE-2026-6765 * CVE-2026-6764 * CVE-2026-6763 * CVE-2026-6762 * CVE-2026-6761 * CVE-2026-6760 * CVE-2026-6759 * CVE-2026-6758 * CVE-2026-6757 * CVE-2026-6756 * CVE-2026-6755 * CVE-2026-6754 * CVE-2026-6753 * CVE-2026-6752 * CVE-2026-6751 * CVE-2026-6750 * CVE-2026-6749 * CVE-2026-6748 * CVE-2026-6747 * CVE-2026-6746 --- security/vuxml/vuln/2026.xml | 1486 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1486 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index ce757517f870..b97db0d362bc 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,1489 @@ + <vuln vid="98c23e2b-43c7-11f1-a190-b42e991fc52e"> + <topic>Mozilla -- Sandbox escape</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox</name> + <range><lt>140.10.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2029461 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2029461">; + <p> + Sandbox escape due to incorrect boundary conditions in the + WebRTC: Networking component. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-7321</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-7321</url>; + </references> + <dates> + <discovery>2026-04-28</discovery> + <entry>2026-04-29</entry> + </dates> + </vuln> + + <vuln vid="5a44e168-4394-11f1-a190-b42e991fc52e"> + <topic>firefox -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.1,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C2027976%2C2028231%2C2028731%2C2028886%2C2029067%2C2029700%2C2029724%2C2029806%2C2029814%2C2030108%2C2030111%2C2031524%2C2031921%2C2032040 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C2027976%2C2028231%2C2028731%2C2028886%2C2029067%2C2029700%2C2029724%2C2029806%2C2029814%2C2030108%2C2030111%2C2031524%2C2031921%2C2032040">; + <p> + Memory safety bugs. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-7322</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-7322</url>; + </references> + <dates> + <discovery>2026-04-28</discovery> + <entry>2026-04-29</entry> + </dates> + </vuln> + + <vuln vid="581838b8-4394-11f1-a190-b42e991fc52e"> + <topic>firefox -- Information disclosure</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.1,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2027433 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2027433">; + <p> + Information disclosure due to incorrect boundary + conditions in the Audio/Video component. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-7320</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-7320</url>; + </references> + <dates> + <discovery>2026-04-28</discovery> + <entry>2026-04-29</entry> + </dates> + </vuln> + + <vuln vid="560f4838-4394-11f1-a190-b42e991fc52e"> + <topic>firefox -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.1,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029419%2C2029717%2C2029769%2C2029886 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029419%2C2029717%2C2029769%2C2029886">; + <p> + Memory safety bugs. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-7324</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-7324</url>; + </references> + <dates> + <discovery>2026-04-28</discovery> + <entry>2026-04-29</entry> + </dates> + </vuln> + + <vuln vid="53ff336e-4394-11f1-a190-b42e991fc52e"> + <topic>firefox -- Information disclosure</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.1,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2027433 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2027433">; + <p> + Information disclosure due to incorrect boundary + conditions in the Audio/Video component. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-7320</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-7320</url>; + </references> + <dates> + <discovery>2026-04-28</discovery> + <entry>2026-04-29</entry> + </dates> + </vuln> + + <vuln vid="6f1af47d-430a-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/buglist.cgi?bug_id=2010727%2C2019004%2C2019224%2C2019547%2C2020378%2C2022381%2C2022608%2C2022785%2C2023120%2C2023128%2C2023140%2C2023279%2C2023836%2C2023882%2C2023925%2C2023950%2C2023959%2C2023965%2C2024243%2C2024245%2C2024247%2C2024253%2C2024346%2C2024357%2C2024416%2C2024420%2C2024429%2C2024432%2C2024455%2C2024466%2C2024468%2C2024476%2C2024664%2C2024666%2C2024669%2C2024670%2C2024671%2C2024761%2C2024918%2C2025292%2C2025332%2C2025348%2C2025384%2C2025395%2C2025458%2C2025461%2C2025463%2C2025481%2C2025483%2C2025485%2C2025494%2C2025506%2C2025511%2C2025513%2C2025520%2C2026277%2C2026282%2C2026288%2C2026289%2C2026311%2C2026312%2C2026869%2C2027152%2C2027161%2C2027238%2C2027261%2C2027269%2C2027274%2C2027280%2C2027281%2C2027300%2C2027302%2C2027331%2C2027339%2C2027340%2C2027738%2C2027975%2C2028000%2C2028011%2C2028289%2C2028525%2C2028728%2C2028887%2C2028888%2C2028896%2C2029063%2C2029064%2C2029290%2C2029291%2C2029294%2C2029300%2C2029304%2C2029316%2C202931 7%2C2029401%2C2029415%2C2029430%2C2029457%2C2029727%2C2029735%2C2029743%2C2029752%2C2029754%2C2029776%2C2029809%2C2030324%2C2030370 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=2010727%2C2019004%2C2019224%2C2019547%2C2020378%2C2022381%2C2022608%2C2022785%2C2023120%2C2023128%2C2023140%2C2023279%2C2023836%2C2023882%2C2023925%2C2023950%2C2023959%2C2023965%2C2024243%2C2024245%2C2024247%2C2024253%2C2024346%2C2024357%2C2024416%2C2024420%2C2024429%2C2024432%2C2024455%2C2024466%2C2024468%2C2024476%2C2024664%2C2024666%2C2024669%2C2024670%2C2024671%2C2024761%2C2024918%2C2025292%2C2025332%2C2025348%2C2025384%2C2025395%2C2025458%2C2025461%2C2025463%2C2025481%2C2025483%2C2025485%2C2025494%2C2025506%2C2025511%2C2025513%2C2025520%2C2026277%2C2026282%2C2026288%2C2026289%2C2026311%2C2026312%2C2026869%2C2027152%2C2027161%2C2027238%2C2027261%2C2027269%2C2027274%2C2027280%2C2027281%2C2027300%2C2027302%2C2027331%2C2027339%2C2027340%2C2027738%2C2027975%2C2028000%2C2028011%2C2028289%2C2028525%2C2028728%2C2028887%2C2028888%2C2028896%2C2029063%2C2029064%2C2029290%2C2029291%2C2029294%2C2029300%2C2029304%2C2 029316%2C2029317%2C2029401%2C2029415%2C2029430%2C2029457%2C2029727%2C2029735%2C2029743%2C2029752%2C2029754%2C2029776%2C2029809%2C2030324%2C2030370"> + <p> + Memory safety bugs present. Some of these bugs showed + evidence of memory corruption and we presume that with + enough effort some of these could have been exploited to + run arbitrary code. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6786</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6786</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="6c9ca7e3-430a-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/buglist.cgi?bug_id=1935995%2C1999158%2C2015952%2C2021909%2C2022026%2C2022041%2C2022088%2C2022276%2C2022335%2C2022338%2C2022373%2C2022597%2C2022874%2C2023276%2C2023544%2C2023551%2C2023599%2C2023608%2C2023814%2C2024233%2C2024239%2C2024241%2C2024242%2C2024250%2C2024251%2C2024343%2C2024422%2C2024425%2C2024440%2C2024442%2C2024446%2C2024458%2C2024463%2C2024478%2C2024650%2C2024653%2C2024654%2C2024655%2C2024656%2C2024661%2C2024662%2C2024668%2C2024919%2C2025278%2C2025349%2C2025350%2C2025354%2C2025360%2C2025363%2C2025370%2C2025379%2C2025381%2C2025399%2C2025400%2C2025403%2C2025407%2C2025415%2C2025420%2C2025427%2C2025429%2C2025430%2C2025479%2C2025489%2C2025493%2C2025497%2C2025502%2C2025515%2C2025517%2C2025526%2C2025609%2C2025948%2C2025949%2C2025951%2C2025953%2C2025955%2C2025962%2C2025969%2C2025970%2C2025971%2C2025973%2C2025976%2C2025977%2C2026280%2C2026285%2C2026293%2C2026296%2C2026310%2C2027237%2C2027260%2C2027268%2C2027277%2C2027284%2C2027291%2C202729 3%2C2027298%2C2027330%2C2027342%2C2027345%2C2027359%2C2027365%2C2027378%2C2027754%2C2027959%2C2027962%2C2027964%2C2027971%2C2027974%2C2027979%2C2027982%2C2027995%2C2028001%2C2028267%2C2028268%2C2028275%2C2028288%2C2028290%2C2028291%2C2028528%2C2028551%2C2028627%2C2028879%2C2028889%2C2029061%2C2029071%2C2029283%2C2029296%2C2029314%2C2029323%2C2029411%2C2029423%2C2029424%2C2029425%2C2029427%2C2029436%2C2029440%2C2029449%2C2029450%2C2029458%2C2029462%2C2029468%2C2029472%2C2029690%2C2029707%2C2029708%2C2029728%2C2029802%2C2029896%2C2029906%2C2030106%2C2030118%2C2030123%2C2030135%2C2030230%2C2030320 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1935995%2C1999158%2C2015952%2C2021909%2C2022026%2C2022041%2C2022088%2C2022276%2C2022335%2C2022338%2C2022373%2C2022597%2C2022874%2C2023276%2C2023544%2C2023551%2C2023599%2C2023608%2C2023814%2C2024233%2C2024239%2C2024241%2C2024242%2C2024250%2C2024251%2C2024343%2C2024422%2C2024425%2C2024440%2C2024442%2C2024446%2C2024458%2C2024463%2C2024478%2C2024650%2C2024653%2C2024654%2C2024655%2C2024656%2C2024661%2C2024662%2C2024668%2C2024919%2C2025278%2C2025349%2C2025350%2C2025354%2C2025360%2C2025363%2C2025370%2C2025379%2C2025381%2C2025399%2C2025400%2C2025403%2C2025407%2C2025415%2C2025420%2C2025427%2C2025429%2C2025430%2C2025479%2C2025489%2C2025493%2C2025497%2C2025502%2C2025515%2C2025517%2C2025526%2C2025609%2C2025948%2C2025949%2C2025951%2C2025953%2C2025955%2C2025962%2C2025969%2C2025970%2C2025971%2C2025973%2C2025976%2C2025977%2C2026280%2C2026285%2C2026293%2C2026296%2C2026310%2C2027237%2C2027260%2C2027268%2C2027277%2C2027284%2C2 027291%2C2027293%2C2027298%2C2027330%2C2027342%2C2027345%2C2027359%2C2027365%2C2027378%2C2027754%2C2027959%2C2027962%2C2027964%2C2027971%2C2027974%2C2027979%2C2027982%2C2027995%2C2028001%2C2028267%2C2028268%2C2028275%2C2028288%2C2028290%2C2028291%2C2028528%2C2028551%2C2028627%2C2028879%2C2028889%2C2029061%2C2029071%2C2029283%2C2029296%2C2029314%2C2029323%2C2029411%2C2029423%2C2029424%2C2029425%2C2029427%2C2029436%2C2029440%2C2029449%2C2029450%2C2029458%2C2029462%2C2029468%2C2029472%2C2029690%2C2029707%2C2029708%2C2029728%2C2029802%2C2029896%2C2029906%2C2030106%2C2030118%2C2030123%2C2030135%2C2030230%2C2030320"> + <p> + Memory safety bugs. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6785</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6785</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="6881ae01-430a-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/buglist.cgi?bug_id=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C2001319%2C2002899%2C2012436%2C2014435%2C2016901%2C2019916%2C2020486%2C2020612%2C2020817%2C2021788%2C2022051%2C2022367%2C2022431%2C2023302%2C2023670%2C2024225%2C2024238%2C2024240%2C2024265%2C2024367%2C2024369%2C2024424%2C2024760%2C2025281%2C2025361%2C2025387%2C2025466%2C2025954%2C2025958%2C2026278%2C2026292%2C2026297%2C2026378%2C2027148%2C2027287%2C2027341%2C2027384%2C2027427%2C2027694%2C2027993%2C2028009%2C2028270%2C2028416%2C2028524%2C2029295%2C2029301%2C2029461%2C2029699%2C2029800%2C2029801 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C2001319%2C2002899%2C2012436%2C2014435%2C2016901%2C2019916%2C2020486%2C2020612%2C2020817%2C2021788%2C2022051%2C2022367%2C2022431%2C2023302%2C2023670%2C2024225%2C2024238%2C2024240%2C2024265%2C2024367%2C2024369%2C2024424%2C2024760%2C2025281%2C2025361%2C2025387%2C2025466%2C2025954%2C2025958%2C2026278%2C2026292%2C2026297%2C2026378%2C2027148%2C2027287%2C2027341%2C2027384%2C2027427%2C2027694%2C2027993%2C2028009%2C2028270%2C2028416%2C2028524%2C2029295%2C2029301%2C2029461%2C2029699%2C2029800%2C2029801">; + <p> + Memory safety bugs. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6784</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6784</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="65858bef-430a-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2027564 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2027564">; + <p> + Incorrect boundary conditions, integer overflow in the + Audio/Video: Playback component. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6783</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6783</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="62053c0f-430a-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Information disclosure in the IP Protection component</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2026571 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2026571">; + <p>Information disclosure in the IP Protection component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6782</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6782</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="5f2386b6-430a-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Denial-of-service</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2025583 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2025583">; + <p>Denial-of-service in the Audio/Video: Playback component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6781</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6781</url>; + <cvename>CVE-2026-6780</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6780</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="58a378c8-430a-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Other issue in the JavaScript Engine component</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2023343 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2023343">; + <p>Other issue in the JavaScript Engine component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6779</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6779</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="5124ce36-430a-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Invalid pointer</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2022746 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2022746">; + <p>Invalid pointer in the Audio/Video: Playback component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6778</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6778</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="4ca48006-430a-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Other issue in the Networking: DNS component</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2022726 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2022726">; + <p>Other issue in the Networking: DNS component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6777</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6777</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="48003ad3-430a-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Incorrect boundary conditions</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2021770 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2021770">; + <p> + Incorrect boundary conditions in the WebRTC: Networking + component. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6776</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6776</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="27c3930a-4307-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Incorrect boundary conditions in the WebRTC component</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2021768 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2021768">; + <p>Incorrect boundary conditions in the WebRTC component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6775</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6775</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="2510f10a-4307-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Mitigation bypass</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2016915 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2016915">; + <p>Mitigation bypass in the DOM: Security component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6774</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6774</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="2239d66b-4307-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Denial-of-service</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2015959 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2015959">; + <p> + Denial-of-service due to integer overflow in the Graphics: + WebGPU component. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6773</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6773</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="1fc576a4-4307-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Incorrect boundary conditions</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2026089 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2026089">; + <p> + Incorrect boundary conditions in the Libraries component + in NSS. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6772</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6772</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="1d3f0d87-4307-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Mitigation bypass</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2025067 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2025067">; + <p>Mitigation bypass in the DOM: Security component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6771</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6771</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="1a442c0b-4307-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Other issue in the Storage: IndexedDB component</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2024220 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2024220">; + <p>Other issue in the Storage: IndexedDB component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6770</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6770</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="177a7146-4307-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Privilege escalation in the Debugger component</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2023753 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2023753">; + <p>Privilege escalation in the Debugger component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6769</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6769</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="872a6e95-4305-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Mitigation bypass</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2023615 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2023615">; + <p>Mitigation bypass in the Networking: Cookies component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6768</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6768</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="82451a4b-4305-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Other issue in the Libraries component in NSS</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2023209 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2023209">; + <p>Other issue in the Libraries component in NSS.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6767</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6767</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="7ff13e75-4305-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Incorrect boundary conditions</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2023207 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2023207">; + <p> + Incorrect boundary conditions in the Libraries component + in NSS. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6766</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6766</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="7da0d8ae-4305-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Information disclosure</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2022419 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2022419">; + <p>Information disclosure in the Form Autofill component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6765</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6765</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="7ae808b5-4305-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Incorrect boundary conditions</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>150.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2022162 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2022162">; + <p> + Incorrect boundary conditions in the DOM: Device Interfaces + component. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-6764</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-6764</url>; + </references> + <dates> + <discovery>2026-04-21</discovery> + <entry>2026-04-28</entry> + </dates> + </vuln> + + <vuln vid="785dfce9-4305-11f1-a627-b42e991fc52e"> + <topic>Mozilla -- Mitigation bypass</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>150.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.10.0</lt></range> + </package> + <package> + <name>thunderbird</name> *** 564 LINES SKIPPED ***home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69f21d7e.3ddc5.3a0505f6>