Date: Sun, 23 Jan 2022 06:28:41 UTC
Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-gecko (Nobody) <gecko@FreeBSD.org> for maintainer-feedback: Bug 261410: www/firefox: unfixed security vulnerabilities https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261410 --- Description --- The current port version 95.0.2 has several security vulnerabilities which are fixed in firefox 96: <https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/> The following are classified as high impact: * CVE-2022-22746 * CVE-2022-22743 * CVE-2022-22741 * CVE-2022-22740 * CVE-2022-22738 * CVE-2022-22737 * CVE-2021-4140 * CVE-2022-22751 There are also no entries in security/vuxml. Is anyone working on the upgrade to 96.0.2? Unfortunately, the update is not trivial. Some larger patches no longer apply.