Date: Sun, 30 Mar 2025 16:51:36 GMT From: Fernando =?utf-8?Q?Apestegu=C3=ADa?= <fernape@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 5f6d70f7ea52 - main - security/vuxml: Add Mozilla vulnerabilities Message-ID: <202503301651.52UGpabe061029@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=5f6d70f7ea52fb12b29ca098afa148441aa93df3 commit 5f6d70f7ea52fb12b29ca098afa148441aa93df3 Author: Fernando ApesteguĂa <fernape@FreeBSD.org> AuthorDate: 2025-03-30 16:49:58 +0000 Commit: Fernando ApesteguĂa <fernape@FreeBSD.org> CommitDate: 2025-03-30 16:51:16 +0000 security/vuxml: Add Mozilla vulnerabilities Affects firefox, fireforx-esr, thunderbird * CVE-2025-1942 * CVE-2025-1941 * CVE-2025-1932 * CVE-2025-27424 --- security/vuxml/vuln/2025.xml | 59 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 765a7507003d..ddce4d5700c1 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,62 @@ + <vuln vid="1a67144d-0d86-11f0-8542-b42e991fc52e"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>136.0</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.8</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>136.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1945392">; + <p>An inconsistent comparator in xslt/txNodeSorter could have resulted + in potentially exploitable out-of-bounds access. Only affected + version 122 and later. This vulnerability affects Firefox < + 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird + < 128.8.</p> + <p>Under certain circumstances, a user opt-in setting that Focus should + require authentication before use could have been be bypassed + (distinct from CVE-2025-0245). This vulnerability affects Firefox + < 136.</p> + <p>When String.toUpperCase() caused a string to get longer it was + possible for uninitialized memory to be incorporated into the result + string This vulnerability affects Firefox < 136 and Thunderbird + < 136.</p> + <p>Websites redirecting to a non-HTTP scheme URL could allow a website + address to be spoofed for a malicious page This vulnerability affects + Firefox for iOS < 136.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-1932</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1932</url>; + <cvename>CVE-2025-1941</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1941</url>; + <cvename>CVE-2025-1942</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1942</url>; + <cvename>CVE-2025-27424</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-27424</url>; + </references> + <dates> + <discovery>2025-03-04</discovery> + <entry>2025-03-30</entry> + </dates> + </vuln> + <vuln vid="1d53db32-0d60-11f0-8542-b42e991fc52e"> <topic>suricata -- Multiple vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202503301651.52UGpabe061029>