git: 91adf3252398 - main - security/vuxml: Add Mozilla vulnerability
Date: Fri, 17 Apr 2026 06:31:22 UTC
The branch main has been updated by fernape:
URL: https://cgit.FreeBSD.org/ports/commit/?id=91adf3252398f6feb2d91eb1e7a45f7f51c36bd3
commit 91adf3252398f6feb2d91eb1e7a45f7f51c36bd3
Author: Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2026-04-17 06:30:15 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2026-04-17 06:30:15 +0000
security/vuxml: Add Mozilla vulnerability
CVE-2026-5731
Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
---
security/vuxml/vuln/2026.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 9fe569801f9b..8ea63e9e1030 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,47 @@
+ <vuln vid="6ae8f9e5-3a26-11f1-b60b-b42e991fc52e">
+ <topic>Mozilla -- Memory safety bugs</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>149.0.2,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.9.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>149.0.2</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.9.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021894%2C2022225%2C2022252%2C2022294%2C2023007%2C2023130%2C2023191%2C2023364%2C2023829%2C2024074%2C2024417%2C2024433%2C2024436%2C2024437%2C2024453%2C2024461%2C2024462%2C2024472%2C2024474%2C2024477%2C2025364%2C2025401%2C2025402%2C2025472%2C2026287%2C2026299%2C2026305%2C2026426">
+ <p>
+ Memory safety bugs present in Firefox ESR, Firefox ESR ,
+ Thunderbird ESR, and Thunderbird. Some of these bugs
+ showed evidence of memory corruption and we presume that
+ with enough effort some of these could have been exploited
+ to run arbitrary code.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2026-5731</cvename>
+ <url>https://cveawg.mitre.org/api/cve/CVE-2026-5731</url>
+ </references>
+ <dates>
+ <discovery>2026-04-07</discovery>
+ <entry>2026-04-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="9c8c00ce-3642-11f1-bd03-3c7c3fba4204">
<topic>go-ethereum -- vulnerabilities</topic>
<affects>
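Review bot: The `<lt>` bounds in the new entry mix epoch styles: `firefox` uses `149.0.2,2`, while `firefox-esr`, `thunderbird` and `thunderbird-esr` carry no `,N` suffix. Package version comparison evaluates PORTEPOCH before the version string, so if any of those three ports sets a PORTEPOCH, every installed package would compare as newer than the bound and `pkg audit` would stay silent on an issue the commit message rates 9.8; each bound should be confirmed against the port's Makefile. Separately, the quoted text reads `Firefox ESR, Firefox ESR ,`, with a duplicated product name and a stray space before the comma, which looks as if version numbers were stripped; because it sits inside a `<blockquote>`, it should match the upstream advisory wording. The only `<url>` is the CVE JSON API endpoint, so adding the vendor advisory page as a second `<url>` would give readers a human-readable reference.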