Date:      Thu, 29 Aug 2024 22:42:04 +0200 (CEST)
From:      Ronald Klop <ronald-lists@klop.ws>
To:        Fernando Apesteguía <fernape@FreeBSD.org>
Cc:        ports-committers@FreeBSD.org, dev-commits-ports-main@FreeBSD.org, dev-commits-ports-all@FreeBSD.org
Subject:   Re: git: 4453cf7eef05 - main - security/vuxml: Record firefox multiple vulnerabilites
Message-ID:  <1673063164.6537.1724964124887@localhost>
In-Reply-To: <202408291747.47THltnT050010@gitrepo.freebsd.org>

Hi,

When I read the CVE documents they mention that these are about Firefox for iOS.
The advisory page of Mozilla also talks about Firefox for iOS.
https://www.mozilla.org/en-US/security/advisories/mfsa2024-36/

So I doubt that this is applicable to the FreeBSD package. But you might know things I don't know.

Regards,
Ronald.

 
From: "Fernando Apesteguía" <fernape@FreeBSD.org>
Date: Thursday, 29 August 2024 19:47
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 4453cf7eef05 - main - security/vuxml: Record firefox multiple vulnerabilites
> 
> The branch main has been updated by fernape:
> 
> URL: https://cgit.FreeBSD.org/ports/commit/?id=4453cf7eef05f9ac2b27bda7a87afb7da713f1c4
> 
> commit 4453cf7eef05f9ac2b27bda7a87afb7da713f1c4
> Author:     Fernando Apesteguía <fernape@FreeBSD.org>
> AuthorDate: 2024-08-29 17:43:33 +0000
> Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
> CommitDate: 2024-08-29 17:47:42 +0000
> 
>     security/vuxml: Record firefox multiple vulnerabilites
>     
>     CVE-2024-43111
>      * Base Score:  6.1 MEDIUM
>      * Vector:      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
>     
>     CVE-2024-43112
>      * Base Score:  6.1 MEDIUM
>      * Vector:      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
>     
>     CVE-2024-43113
>      * Base Score:  6.1 MEDIUM
>      * Vector:      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
> ---
>  security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++++++
>  1 file changed, 39 insertions(+)
> 
> diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
> index 7dd64a18968f..e9606c88bfca 100644
> --- a/security/vuxml/vuln/2024.xml
> +++ b/security/vuxml/vuln/2024.xml
> @@ -1,3 +1,42 @@
> +  <vuln vid="44de1b82-662d-11ef-a51b-b42e991fc52e">
> +    <topic>firefox -- multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +   <name>firefox</name>
> +   <range><lt>129</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +   <bodyhttp://www.w3.org/1999/xhtml">http://www.w3.org/1999/xhtml">;
> +   <p>security@mozilla.org reports:</p>
> +   <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1874964">;
> +     <p>This update includes 3 CVEs:</p>
> +       <ul>
> +         <li>The contextual menu for links could provide an
> +       opportunity for cross-site scripting attacks.</li>
> +         <li>Long pressing on a download link could potentially
> +       provide a means for cross-site scripting.</li>
> +         <li>Long pressing on a download link could potentially
> +       allow Javascript commands to be executed within the
> +       browser.</li>
> +   </ul>
> +   </blockquote>
> +   </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2024-43113</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43113</url>;
> +      <cvename>CVE-2024-43112</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43112</url>;
> +      <cvename>CVE-2024-43111</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43111</url>;
> +    </references>
> +    <dates>
> +      <discovery>2024-08-06</discovery>
> +      <entry>2024-08-29</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="6f2545bb-65e8-11ef-8a0f-a8a1599412c6">
>      <topic>chromium -- multiple security fixes</topic>
>      <affects>
> 
> 
> 
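
Review bot: In `<affects>`, the entry flags the `firefox` package with `<range><lt>129</lt></range>`, yet two of the three quoted items describe "Long pressing on a download link", which is a touch gesture, so the affected product should be confirmed against the vendor advisory before this port is listed (the reply above raises the same doubt). `<references>` carries only NVD URLs, and the `<blockquote cite=...>` points at a Bugzilla bug while the text is attributed to security@mozilla.org; consider adding the vendor advisory as a `<url>` and citing it in the blockquote so readers can check the scope themselves.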

 