svn commit: r435627 - head/security/vuxml
Jan Beich
jbeich at FreeBSD.org
Tue Mar 7 18:13:24 UTC 2017
Author: jbeich
Date: Tue Mar 7 18:13:23 2017
New Revision: 435627
URL: https://svnweb.freebsd.org/changeset/ports/435627
Log:
security/vuxml: mark firefox < 52 as vulnerable
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Mar 7 18:01:14 2017 (r435626)
+++ head/security/vuxml/vuln.xml Tue Mar 7 18:13:23 2017 (r435627)
@@ -58,6 +58,113 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="96eca031-1313-4daf-9be2-9d6e1c4f1eb5">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>52.0_1,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.49</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><ge>46.0,1</ge><lt>52.0,1</lt></range>
+ <range><lt>45.8.0_1,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><ge>46.0,2</ge><lt>52.0,2</lt></range>
+ <range><lt>45.8.0_1,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <range><ge>46.0</ge><lt>52.0</lt></range>
+ <range><lt>45.8.0_1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><ge>46.0</ge><lt>52.0</lt></range>
+ <range><lt>45.8.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/">
+ <p>CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP</p>
+ <p>CVE-2017-5401: Memory Corruption when handling ErrorResult</p>
+ <p>CVE-2017-5402: Use-after-free working with events in FontFace objects</p>
+ <p>CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object</p>
+ <p>CVE-2017-5404: Use-after-free working with ranges in selections</p>
+ <p>CVE-2017-5406: Segmentation fault in Skia with canvas operations</p>
+ <p>CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters</p>
+ <p>CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping</p>
+ <p>CVE-2017-5411: Use-after-free in Buffer Storage in libGLES</p>
+ <p>CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service</p>
+ <p>CVE-2017-5408: Cross-origin reading of video captions in violation of CORS</p>
+ <p>CVE-2017-5412: Buffer overflow read in SVG filters</p>
+ <p>CVE-2017-5413: Segmentation fault during bidirectional operations</p>
+ <p>CVE-2017-5414: File picker can choose incorrect default directory</p>
+ <p>CVE-2017-5415: Addressbar spoofing through blob URL</p>
+ <p>CVE-2017-5416: Null dereference crash in HttpChannel</p>
+ <p>CVE-2017-5417: Addressbar spoofing by draging and dropping URLs</p>
+ <p>CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access</p>
+ <p>CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running</p>
+ <p>CVE-2017-5427: Non-existent chrome.manifest file loaded during startup</p>
+ <p>CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses</p>
+ <p>CVE-2017-5419: Repeated authentication prompts lead to DOS attack</p>
+ <p>CVE-2017-5420: Javascript: URLs can obfuscate addressbar location</p>
+ <p>CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports</p>
+ <p>CVE-2017-5421: Print preview spoofing</p>
+ <p>CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink</p>
+ <p>CVE-2017-5399: Memory safety bugs fixed in Firefox 52</p>
+ <p>CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5400</cvename>
+ <cvename>CVE-2017-5401</cvename>
+ <cvename>CVE-2017-5402</cvename>
+ <cvename>CVE-2017-5403</cvename>
+ <cvename>CVE-2017-5404</cvename>
+ <cvename>CVE-2017-5406</cvename>
+ <cvename>CVE-2017-5407</cvename>
+ <cvename>CVE-2017-5410</cvename>
+ <cvename>CVE-2017-5411</cvename>
+ <cvename>CVE-2017-5409</cvename>
+ <cvename>CVE-2017-5408</cvename>
+ <cvename>CVE-2017-5412</cvename>
+ <cvename>CVE-2017-5413</cvename>
+ <cvename>CVE-2017-5414</cvename>
+ <cvename>CVE-2017-5415</cvename>
+ <cvename>CVE-2017-5416</cvename>
+ <cvename>CVE-2017-5417</cvename>
+ <cvename>CVE-2017-5425</cvename>
+ <cvename>CVE-2017-5426</cvename>
+ <cvename>CVE-2017-5427</cvename>
+ <cvename>CVE-2017-5418</cvename>
+ <cvename>CVE-2017-5419</cvename>
+ <cvename>CVE-2017-5420</cvename>
+ <cvename>CVE-2017-5405</cvename>
+ <cvename>CVE-2017-5421</cvename>
+ <cvename>CVE-2017-5422</cvename>
+ <cvename>CVE-2017-5399</cvename>
+ <cvename>CVE-2017-5398</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2017-05/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2017-06/</url>
+ </references>
+ <dates>
+ <discovery>2017-03-07</discovery>
+ <entry>2017-03-07</entry>
+ </dates>
+ </vuln>
+
<vuln vid="71ebbc50-01c1-11e7-ae1b-002590263bf5">
<topic>codeigniter -- multiple vulnerabilities</topic>
<affects>
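Review bot: The firefox bound `<range><lt>52.0_1,1</lt></range>` also marks 52.0,1 as vulnerable, which does not match the log message ("firefox < 52"). If 52.0,1 already carries the fixes, the bound should be `<lt>52.0,1</lt>`; otherwise the log should say why the PORTREVISION 1 bound is intended. The same applies to the `45.8.0_1` bounds on firefox-esr, linux-firefox and libxul, where thunderbird uses plain `<lt>45.8.0</lt>`. Separately, the blockquote's cite attribute points only at mfsa2017-05 and uses the /en-US/ path, while the references list both mfsa2017-05 and mfsa2017-06 without the locale. Use one URL form throughout and make clear which advisory the quoted CVE list is taken from.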