Date: Thu, 12 Mar 2026 07:23:01 +0000 From: Fernando Apeste=?utf-8?Q?gu=C3=ADa?= <fernape@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 814d765572d9 - main - security/vuxml: Add Mozilla vulnerabilities Message-ID: <69b269d5.31e9d.139c4697@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=814d765572d991b99c537377274a20d02e0dd9f4 commit 814d765572d991b99c537377274a20d02e0dd9f4 Author: Fernando ApesteguĂa <fernape@FreeBSD.org> AuthorDate: 2026-03-12 07:21:36 +0000 Commit: Fernando ApesteguĂa <fernape@FreeBSD.org> CommitDate: 2026-03-12 07:21:36 +0000 security/vuxml: Add Mozilla vulnerabilities * CVE-2026-2771 - 9.8 * CVE-2026-3846 - 6.5 * CVE-2026-3847 - 8.8 --- security/vuxml/vuln/2026.xml | 90 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 1375039d83e0..1c728176e361 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,93 @@ + <vuln vid="b45d25ab-1de3-11f1-8aff-b42e991fc52e"> + <topic>Mozilla -- Undefined behavior in the DOM: Core & HTML component</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>148.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.8.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>148.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2014593 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2014593">; + <p>Undefined behavior in the DOM: Core & HTML component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-2771</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-2771</url>; + </references> + <dates> + <discovery>2026-02-24</discovery> + <entry>2026-03-12</entry> + </dates> + </vuln> + + <vuln vid="e1e40d50-1de2-11f1-8aff-b42e991fc52e"> + <topic>Firefox -- Same-origin policy bypass</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>148.0.2,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2018400 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2018400">; + <p>Same-origin policy bypass in the CSS Parsing and + Computation component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-3846</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-3846</url>; + </references> + <dates> + <discovery>2026-03-10</discovery> + <entry>2026-03-12</entry> + </dates> + </vuln> + + <vuln vid="df82f42c-1de2-11f1-8aff-b42e991fc52e"> + <topic>firefox -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>148.0.2,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://bugzilla.mozilla.org/buglist.cgi?bug_id=2017513%2C2017622%2C2019341 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=2017513%2C2017622%2C2019341">; + <p>Memory safety bugs present in Firefox 148.0.2. Some of + these bugs showed evidence of memory corruption and we + presume that with enough effort some of these could have + been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-3847</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2026-3847</url>; + </references> + <dates> + <discovery>2026-03-10</discovery> + <entry>2026-03-12</entry> + </dates> + </vuln> + <vuln vid="0236eab0-1d62-11f1-88f8-2cf05da270f3"> <topic>Gitlab -- vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69b269d5.31e9d.139c4697>