From owner-freebsd-questions@freebsd.org  Sat Aug  8 20:47:01 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0EA949B660D
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Sat,  8 Aug 2015 20:47:01 +0000 (UTC) (envelope-from stoa@gmx.us)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 82A231A54
 for <freebsd-questions@freebsd.org>; Sat,  8 Aug 2015 20:47:00 +0000 (UTC)
 (envelope-from stoa@gmx.us)
Received: from slack ([24.116.197.15]) by mail.gmx.com (mrgmx103) with ESMTPSA
 (Nemesis) id 0MIMyZ-1ZOzpM1TZf-004E3F for
 <freebsd-questions@freebsd.org>; Sat, 08 Aug 2015 22:46:51 +0200
Date: Sat, 8 Aug 2015 15:46:39 -0500
From: Dutch Ingraham <stoa@gmx.us>
To: freebsd-questions@freebsd.org
Subject: Firefox Vulnerabilities
Message-ID: <20150808204639.GA8567@slack>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Provags-ID: V03:K0:feMg73ripS0r1l/kynxY1mzpx2/awfXHU9lufcFL4KEdHqnJxvV
 dCQkK96QyOvPx4GjA3MyhebYa93qQkdNi+y7AICxq34QMCdpT0GRCS+1QI9h3mfIH7VmrHS
 BcKIyrh1di2vKI1V3NH6DcRWqfLJN4DoLeABNpypvhYj9mrOftTnoSD8ilNuyUx2bqDQ8lK
 vmh0HjA4yThR6fzvrlkcg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:CmpCK6eeLCg=:bGsWCXF70S8XH3CY4qjLV7
 E+cDx1cN1k3AtPLxGS0LF1DM1sNJHwlSSETN1KAv1Jbxbaqi48cEDvYk4D7j0fYia6rjk9sjn
 PRr8V+JwEqivKoincAtxaA/W8TEuQvK3BJAvozEVc+OflDeF1VDtCFtjViV3fWtsiLIYuy3EZ
 gqz/BuP295NQ3StdM7aN0XI1cB3Uu48ro3Lb7HVM0DYfG4OjlUzeizACVJ2q8iEATxcL2y4VR
 CJSnWC0KQcWsAosEqHS6ekgfvHohoj2M6t8i75z12vpve/a44fP80jznDwJfceYH0XLf2hlnw
 R3iad9Q2wucojVfCFrlcfr8gyNAAJDq9hdssUWng9d708OjMjTg10+UsddRiIt9TcQ6GaeR+H
 /je9vLRBU39jIwAFnDSa2ui3Drl395wWQLMk+qnXjMttrDd6e2G5isJ9ze2WqlOeDpj6sRrW0
 GhSj0rLlsCiUjxpxWq2UM2yHCsYzhCFJXwn0EFWfMc3+nATfIKaYsLzm9tDvnSN5Vwzg90d1Q
 INw54rH4m1QB29iTcn3gF5q4vz2bcvCYrqrtFa9z2e3AHgEBDB/FTtwaWUo7J1CGLKYMUNYSO
 lpzdPDogDmIEjCGgxvkH3VJuzI2xpN97JzOI2iWa4n7G9R9vk+gpc9OC9SjRIoMaiAstMcT3V
 JdSXm9nsxzeFbN+ymlRB7qAZLIfIralJPkHehddsi4zWdW4Bb8wBuylYMppAA9TOjlasWGFIl
 FCkJ7hj+LUGT5Uuz
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Aug 2015 20:47:01 -0000

Hi all:

I'm currently running amd64 version 10.1-RELEASE-p16.  I update my 
ports tree through svn.  Yesterday, I updated the tree and subsequently 
upgraded Firefox:

$ pkg info firefox
firefox-40.0,1
Name			: firefox
Version			: 40.0,1
Installed on	: Fri Aug  7 08:08:07 CDT 2015
[snip]

As everyone knows, there was a vulnerability announced a few days ago 
related to the pdf viewer in Firefox.[1]  This was fixed in the latest 
stable version, which is apparently 39.0.3.[2]  Version 40.*, which 
started life prior to the date of the vulnerability, remains in beta.[3]

I can't seem to find where this vulnerability [1] was fixed in the beta 
version in the ports tree.[4]  I don't see any comments in 
/usr/ports/UPDATING nor in /usr/ports/CHANGES related to this issue.

Can someone comment on the status of [1] in the current "stable" 
Freebsd version of Firefox, 40.0,1?  Thanks.


[1] https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
[2] https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
[3] https://www.mozilla.org/en-US/firefox/40.0beta/releasenotes/
[4] https://bugzilla.mozilla.org/buglist.cgi?j_top=OR&f1=target_milestone&\
o3=equals&v3=Firefox%2040&o1=equals&resolution=FIXED&o2=anyexact&query_\
format=advanced&f3=target_milestone&f2=cf_status_firefox40&bug_status=\
RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&v1=mozilla40&v2=fixed%\
2Cverified&limit=0