Date: Thu, 29 Aug 2024 17:47:55 GMT From: Fernando =?utf-8?Q?Apestegu=C3=ADa?= <fernape@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 4453cf7eef05 - main - security/vuxml: Record firefox multiple vulnerabilites Message-ID: <202408291747.47THltnT050010@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=4453cf7eef05f9ac2b27bda7a87afb7da713f1c4 commit 4453cf7eef05f9ac2b27bda7a87afb7da713f1c4 Author: Fernando ApesteguĂa <fernape@FreeBSD.org> AuthorDate: 2024-08-29 17:43:33 +0000 Commit: Fernando ApesteguĂa <fernape@FreeBSD.org> CommitDate: 2024-08-29 17:47:42 +0000 security/vuxml: Record firefox multiple vulnerabilites CVE-2024-43111 * Base Score: 6.1 MEDIUM * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2024-43112 * Base Score: 6.1 MEDIUM * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2024-43113 * Base Score: 6.1 MEDIUM * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N --- security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 7dd64a18968f..e9606c88bfca 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,42 @@ + <vuln vid="44de1b82-662d-11ef-a51b-b42e991fc52e"> + <topic>firefox -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>129</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1874964">; + <p>This update includes 3 CVEs:</p> + <ul> + <li>The contextual menu for links could provide an + opportunity for cross-site scripting attacks.</li> + <li>Long pressing on a download link could potentially + provide a means for cross-site scripting.</li> + <li>Long pressing on a download link could potentially + allow Javascript commands to be executed within the + browser.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-43113</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43113</url>; + <cvename>CVE-2024-43112</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43112</url>; + <cvename>CVE-2024-43111</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43111</url>; + </references> + <dates> + <discovery>2024-08-06</discovery> + <entry>2024-08-29</entry> + </dates> + </vuln> + <vuln vid="6f2545bb-65e8-11ef-8a0f-a8a1599412c6"> <topic>chromium -- multiple security fixes</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202408291747.47THltnT050010>