svn commit: r459791 - head/security/vuxml
Jan Beich
jbeich at FreeBSD.org
Tue Jan 23 18:43:35 UTC 2018
Author: jbeich
Date: Tue Jan 23 18:43:33 2018
New Revision: 459791
URL: https://svnweb.freebsd.org/changeset/ports/459791
Log:
security/vuxml: mark firefox < 58 as vulnerable
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Jan 23 18:18:12 2018 (r459790)
+++ head/security/vuxml/vuln.xml Tue Jan 23 18:43:33 2018 (r459791)
@@ -58,6 +58,118 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="a891c5b4-3d7a-4de9-9c71-eef3fd698c77">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>58.0_1,1</lt></range>
+ </package>
+ <package>
+ <name>waterfox</name>
+ <range><lt>56.0.3_4</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.49.3</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>52.6.0_1,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>52.6.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>52.6.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/">
+ <p>CVE-2018-5091: Use-after-free with DTMF timers</p>
+ <p>CVE-2018-5092: Use-after-free in Web Workers</p>
+ <p>CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing</p>
+ <p>CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory</p>
+ <p>CVE-2018-5095: Integer overflow in Skia library during edge builder allocation</p>
+ <p>CVE-2018-5097: Use-after-free when source document is manipulated during XSLT</p>
+ <p>CVE-2018-5098: Use-after-free while manipulating form input elements</p>
+ <p>CVE-2018-5099: Use-after-free with widget listener</p>
+ <p>CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory</p>
+ <p>CVE-2018-5101: Use-after-free with floating first-letter style elements</p>
+ <p>CVE-2018-5102: Use-after-free in HTML media elements</p>
+ <p>CVE-2018-5103: Use-after-free during mouse event handling</p>
+ <p>CVE-2018-5104: Use-after-free during font face manipulation</p>
+ <p>CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts</p>
+ <p>CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker</p>
+ <p>CVE-2018-5107: Printing process will follow symlinks for local file access</p>
+ <p>CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs</p>
+ <p>CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution</p>
+ <p>CVE-2018-5110: Cursor can be made invisible on OS X</p>
+ <p>CVE-2018-5111: URL spoofing in addressbar through drag and drop</p>
+ <p>CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel</p>
+ <p>CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow</p>
+ <p>CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts</p>
+ <p>CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs</p>
+ <p>CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access</p>
+ <p>CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right</p>
+ <p>CVE-2018-5118: Activity Stream images can attempt to load local content through file:</p>
+ <p>CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers</p>
+ <p>CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar</p>
+ <p>CVE-2018-5122: Potential integer overflow in DoCrypt</p>
+ <p>CVE-2018-5090: Memory safety bugs fixed in Firefox 58</p>
+ <p>CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-5089</cvename>
+ <cvename>CVE-2018-5090</cvename>
+ <cvename>CVE-2018-5091</cvename>
+ <cvename>CVE-2018-5092</cvename>
+ <cvename>CVE-2018-5093</cvename>
+ <cvename>CVE-2018-5094</cvename>
+ <cvename>CVE-2018-5095</cvename>
+ <cvename>CVE-2018-5097</cvename>
+ <cvename>CVE-2018-5098</cvename>
+ <cvename>CVE-2018-5099</cvename>
+ <cvename>CVE-2018-5100</cvename>
+ <cvename>CVE-2018-5101</cvename>
+ <cvename>CVE-2018-5102</cvename>
+ <cvename>CVE-2018-5103</cvename>
+ <cvename>CVE-2018-5104</cvename>
+ <cvename>CVE-2018-5105</cvename>
+ <cvename>CVE-2018-5106</cvename>
+ <cvename>CVE-2018-5107</cvename>
+ <cvename>CVE-2018-5108</cvename>
+ <cvename>CVE-2018-5109</cvename>
+ <cvename>CVE-2018-5110</cvename>
+ <cvename>CVE-2018-5111</cvename>
+ <cvename>CVE-2018-5112</cvename>
+ <cvename>CVE-2018-5113</cvename>
+ <cvename>CVE-2018-5114</cvename>
+ <cvename>CVE-2018-5115</cvename>
+ <cvename>CVE-2018-5116</cvename>
+ <cvename>CVE-2018-5117</cvename>
+ <cvename>CVE-2018-5118</cvename>
+ <cvename>CVE-2018-5119</cvename>
+ <cvename>CVE-2018-5121</cvename>
+ <cvename>CVE-2018-5122</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2018-02/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2018-03/</url>
+ </references>
+ <dates>
+ <discovery>2018-01-23</discovery>
+ <entry>2018-01-23</entry>
+ </dates>
+ </vuln>
+
<vuln vid="24a82876-002e-11e8-9a95-0cc47a02c232">
<topic>powerdns-recursor -- insufficient validation of DNSSEC signatures</topic>
<affects>
More information about the svn-ports-all
mailing list