Re: git: 4453cf7eef05 - main - security/vuxml: Record firefox multiple vulnerabilities
- In reply to: Ronald Klop : "Re: git: 4453cf7eef05 - main - security/vuxml: Record firefox multiple vulnerabilities"
Date: Fri, 30 Aug 2024 06:34:35 UTC
On Thu, Aug 29, 2024 at 10:42 PM Ronald Klop <ronald-lists@klop.ws> wrote:

> Hi,
>
> When I read the CVE documents they mention that these are about Firefox
> for iOS.
> The advisory page of Mozilla also talks about Firefox for iOS.
> https://www.mozilla.org/en-US/security/advisories/mfsa2024-36/
>
> So I doubt that this is applicable to the FreeBSD package. But you might
> know things I don't know.
>

You're right, it seems those are only for iOS. They should have been discarded along with CVE-2024-7523...
I'll revert the commit and commit the pending CVEs:

CVE-2024-0745
CVE-2024-6608
CVE-2024-6609
CVE-2024-6610
CVE-2024-7524

Thanks for the heads up.

>
> Regards,
> Ronald.
>
>
>
> *From:* "Fernando Apesteguía" <fernape@FreeBSD.org>
> *Date:* Thursday, 29 August 2024 19:47
> *To:* ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
> dev-commits-ports-main@FreeBSD.org
> *Subject:* git: 4453cf7eef05 - main - security/vuxml: Record firefox
> multiple vulnerabilities
>
> The branch main has been updated by fernape:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=4453cf7eef05f9ac2b27bda7a87afb7da713f1c4
>
> commit 4453cf7eef05f9ac2b27bda7a87afb7da713f1c4
> Author: Fernando Apesteguía <fernape@FreeBSD.org>
> AuthorDate: 2024-08-29 17:43:33 +0000
> Commit: Fernando Apesteguía <fernape@FreeBSD.org>
> CommitDate: 2024-08-29 17:47:42 +0000
>
> security/vuxml: Record firefox multiple vulnerabilities
>
> CVE-2024-43111
> * Base Score: 6.1 MEDIUM
> * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
>
> CVE-2024-43112
> * Base Score: 6.1 MEDIUM
> * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
>
> CVE-2024-43113
> * Base Score: 6.1 MEDIUM
> * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
> ---
> security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++++++
> 1 file changed, 39 insertions(+)
>
> diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml > index 7dd64a18968f..e9606c88bfca 100644
> --- a/security/vuxml/vuln/2024.xml > +++ b/security/vuxml/vuln/2024.xml > @@ -1,3 +1,42 @@ > + <vuln vid="44de1b82-662d-11ef-a51b-b42e991fc52e"> > + <topic>firefox -- multiple vulnerabilities</topic> > + <affects> > + <package> > + <name>firefox</name> > + <range><lt>129</lt></range> > + </package> > + </affects> > + <description> > + <bodyhttp://www.w3.org/1999/xhtml">http://www.w3.org/1999/xhtml"> > + <p>security@mozilla.org reports:</p> > + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1874964 > "> > + <p>This update includes 3 CVEs:</p> > + <ul> > + <li>The contextual menu for links could provide an > + opportunity for cross-site scripting attacks.</li> > + <li>Long pressing on a download link could potentially > + provide a means for cross-site scripting.</li> > + <li>Long pressing on a download link could potentially > + allow Javascript commands to be executed within the > + browser.</li> > + </ul> > + </blockquote> > + </body> > + </description> > + <references> > + <cvename>CVE-2024-43113</cvename> > + <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43113</url> > + <cvename>CVE-2024-43112</cvename> > + <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43112</url> > + <cvename>CVE-2024-43111</cvename> > + <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43111</url> > + </references> > + <dates> > + <discovery>2024-08-06</discovery> > + <entry>2024-08-29</entry> > + </dates> > + </vuln> > + > <vuln vid="6f2545bb-65e8-11ef-8a0f-a8a1599412c6"> > <topic>chromium -- multiple security fixes</topic> > <affects> > ------------------------------ > > > >
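Review bot: The `<affects>` block marks the `firefox` package with `<range><lt>129</lt></range>` as vulnerable, but nothing in the entry ties these three CVEs to the desktop build the port ships: two of the three quoted items describe "Long pressing on a download link", a touch-interface action, and the Mozilla advisory linked earlier in this thread (mfsa2024-36) is about Firefox for iOS. Before a VuXML entry names a port, the affected product and platform should be checked against the vendor advisory, and that advisory URL belongs in `<references>` next to the three NVD links so the platform scope is visible to anyone auditing the entry later. A false entry here is not harmless, since VuXML consumers will flag every installed firefox below 129 as vulnerable. Separately, in this quoted copy the `cite` attribute on `<blockquote>` is split across lines before its closing quote; it is worth confirming that the committed file has no whitespace inside that URL.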