Date: Tue, 4 Feb 2014 21:19:14 +0000 (UTC) From: Beat Gaetzi <beat@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r342609 - head/security/vuxml Message-ID: <201402042119.s14LJE7W062573@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: beat Date: Tue Feb 4 21:19:13 2014 New Revision: 342609 URL: http://svnweb.freebsd.org/changeset/ports/342609 QAT: https://qat.redports.org/buildarchive/r342609/ Log: Document mozilla vulnerabilities Reviewed by: flo Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Feb 4 21:16:12 2014 (r342608) +++ head/security/vuxml/vuln.xml Tue Feb 4 21:19:13 2014 (r342609) @@ -51,6 +51,100 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><gt>25.0,1</gt><lt>27.0,1</lt></range> + <range><lt>24.3.0,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><lt>27.0,1</lt></range> + </package> + <package> + <name>linux-seamonkey</name> + <range><lt>2.24</lt></range> + </package> + <package> + <name>linux-thunderbird</name> + <range><lt>24.3.0</lt></range> + </package> + <package> + <name>seamonkey</name> + <range><lt>2.24</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>24.3.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Mozilla Project reports:</p> + <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> + <p>MFSA 2014-01 Miscellaneous memory safety hazards + (rv:27.0 / rv:24.3)</p> + <p>MFSA 2014-02 Clone protected content with XBL scopes</p> + <p>MFSA 2014-03 UI selection timeout missing on download + prompts</p> + <p>MFSA 2014-04 Incorrect use of discarded images by + RasterImage</p> + <p>MFSA 2014-05 Information disclosure with *FromPoint on + iframes</p> + <p>MFSA 2014-06 Profile path leaks to Android system log</p> + <p>MFSA 2014-07 XSLT stylesheets treated as styles in Content + Security Policy</p> + <p>MFSA 2014-08 Use-after-free with imgRequestProxy and image + proccessing</p> + <p>MFSA 2014-09 Cross-origin information leak through web + workers</p> + <p>MFSA 2014-10 Firefox default start page UI content invokable + by script</p> + <p>MFSA 2014-11 Crash when using web workers with asm.js</p> + <p>MFSA 2014-12 NSS ticket handling issues</p> + <p>MFSA 2014-13 Inconsistent JavaScript handling of access to + Window objects</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-1477</cvename> + <cvename>CVE-2014-1478</cvename> + <cvename>CVE-2014-1479</cvename> + <cvename>CVE-2014-1480</cvename> + <cvename>CVE-2014-1481</cvename> + <cvename>CVE-2014-1482</cvename> + <cvename>CVE-2014-1483</cvename> + <cvename>CVE-2014-1484</cvename> + <cvename>CVE-2014-1485</cvename> + <cvename>CVE-2014-1486</cvename> + <cvename>CVE-2014-1487</cvename> + <cvename>CVE-2014-1488</cvename> + <cvename>CVE-2014-1489</cvename> + <cvename>CVE-2014-1490</cvename> + <cvename>CVE-2014-1491</cvename> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-01.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-02.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-03.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-04.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-05.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-06.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-07.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-08.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-09.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-10.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-11.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-12.html</url> + <url>http://www.mozilla.org/security/known-vulnerabilities/</url> + </references> + <dates> + <discovery>2014-02-04</discovery> + <entry>2014-02-04</entry> + </dates> + </vuln> + <vuln vid="111f1f84-1d14-4ff2-a9ea-cf07119c0d3b"> <topic>libyaml heap overflow resulting in possible code execution</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201402042119.s14LJE7W062573>