Date: Tue, 8 Aug 2017 17:25:43 +0000 (UTC) From: Jan Beich <jbeich@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r447549 - head/security/vuxml Message-ID: <201708081725.v78HPhpj018940@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jbeich Date: Tue Aug 8 17:25:43 2017 New Revision: 447549 URL: https://svnweb.freebsd.org/changeset/ports/447549 Log: security/vuxml: mark firefox < 55 as vulnerable Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Aug 8 17:21:45 2017 (r447548) +++ head/security/vuxml/vuln.xml Tue Aug 8 17:25:43 2017 (r447549) @@ -58,6 +58,105 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="555b244e-6b20-4546-851f-d8eb7d6c1ffa"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>55.0,1</lt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>2.52</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>52.3.0,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><lt>52.3.0,2</lt></range> + </package> + <package> + <name>libxul</name> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <range><lt>52.3.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Mozilla Foundation reports:</p> + <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/">; + <p>CVE-2017-7798: XUL injection in the style editor in devtools</p> + <p>CVE-2017-7800: Use-after-free in WebSockets during disconnection</p> + <p>CVE-2017-7801: Use-after-free with marquee during window resizing</p> + <p>CVE-2017-7784: Use-after-free with image observers</p> + <p>CVE-2017-7802: Use-after-free resizing image elements</p> + <p>CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM</p> + <p>CVE-2017-7786: Buffer overflow while painting non-displayable SVG</p> + <p>CVE-2017-7806: Use-after-free in layer manager with SVG</p> + <p>CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements</p> + <p>CVE-2017-7787: Same-origin policy bypass with iframes through page reloads</p> + <p>CVE-2017-7807: Domain hijacking through AppCache fallback</p> + <p>CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID</p> + <p>CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher</p> + <p>CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts</p> + <p>CVE-2017-7808: CSP information leak with frame-ancestors containing paths</p> + <p>CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections</p> + <p>CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates</p> + <p>CVE-2017-7794: Linux file truncation via sandbox broker</p> + <p>CVE-2017-7803: CSP containing 'sandbox' improperly applied</p> + <p>CVE-2017-7799: Self-XSS XUL injection in about:webrtc</p> + <p>CVE-2017-7783: DOS attack through long username in URL</p> + <p>CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives</p> + <p>CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection</p> + <p>CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values</p> + <p>CVE-2017-7796: Windows updater can delete any file named update.log</p> + <p>CVE-2017-7797: Response header name interning leaks across origins</p> + <p>CVE-2017-7780: Memory safety bugs fixed in Firefox 55</p> + <p>CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-7753</cvename> + <cvename>CVE-2017-7779</cvename> + <cvename>CVE-2017-7780</cvename> + <cvename>CVE-2017-7781</cvename> + <cvename>CVE-2017-7782</cvename> + <cvename>CVE-2017-7783</cvename> + <cvename>CVE-2017-7784</cvename> + <cvename>CVE-2017-7785</cvename> + <cvename>CVE-2017-7786</cvename> + <cvename>CVE-2017-7787</cvename> + <cvename>CVE-2017-7788</cvename> + <cvename>CVE-2017-7789</cvename> + <cvename>CVE-2017-7790</cvename> + <cvename>CVE-2017-7791</cvename> + <cvename>CVE-2017-7792</cvename> + <cvename>CVE-2017-7794</cvename> + <cvename>CVE-2017-7796</cvename> + <cvename>CVE-2017-7797</cvename> + <cvename>CVE-2017-7798</cvename> + <cvename>CVE-2017-7799</cvename> + <cvename>CVE-2017-7800</cvename> + <cvename>CVE-2017-7801</cvename> + <cvename>CVE-2017-7802</cvename> + <cvename>CVE-2017-7803</cvename> + <cvename>CVE-2017-7804</cvename> + <cvename>CVE-2017-7806</cvename> + <cvename>CVE-2017-7807</cvename> + <cvename>CVE-2017-7808</cvename> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/</url>; + </references> + <dates> + <discovery>2017-08-08</discovery> + <entry>2017-08-08</entry> + </dates> + </vuln> + <vuln vid="9245681c-7c3c-11e7-b5af-a4badb2f4699"> <topic>sqlite3 -- heap-buffer overflow</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201708081725.v78HPhpj018940>