Date: Mon, 10 Jul 2017 17:56:54 +0000 From: bugzilla-noreply@freebsd.org To: gecko@FreeBSD.org Subject: maintainer-feedback requested: [Bug 220607] www/libxul: Multiple CVEs, update to >= 52.2.0 Message-ID: <bug-220607-21738-BcIER8m6j6@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-220607-21738@https.bugs.freebsd.org/bugzilla/> References: <bug-220607-21738@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrew Marks <amracks@gmail.com> has reassigned Bugzilla Automation <bugzilla@FreeBSD.org>'s request for maintainer-feedback to gecko@FreeBSD.o= rg: Bug 220607: www/libxul: Multiple CVEs, update to >=3D 52.2.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220607 --- Description --- I've been told these are all applicable, but have not yet done any independ= ent research. CVE-2017-5472: Use-after-free using destroyed node when regenerating trees CVE-2017-7749: Use-after-free during docshell reloading CVE-2017-7750: Use-after-free with track elements CVE-2017-7751: Use-after-free with content viewer listeners CVE-2017-7752: Use-after-free with IME input CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors CVE-2017-7757: Use-after-free in IndexedDB CVE-2017-7778: Vulnerabilities in the Graphite 2 library CVE-2017-7758: Out-of-bounds read in Opus encoder CVE-2017-7759: Android intent URLs can cause navigation to local file system CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application CVE-2017-7762: Addressbar spoofing in Reader mode CVE-2017-7763: Mac fonts render some unicode characters as spaces CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and o= ther unicode blocks CVE-2017-7765: Mark of the Web bypass when saving executable files CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Serv= ice CVE-2017-5471: Memory safety bugs fixed in Firefox 54 CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-220607-21738-BcIER8m6j6>