svn commit: r422522 - head/security/vuxml
Jan Beich
jbeich at FreeBSD.org
Tue Sep 20 17:01:31 UTC 2016
Author: jbeich
Date: Tue Sep 20 17:01:30 2016
New Revision: 422522
URL: https://svnweb.freebsd.org/changeset/ports/422522
Log:
Document recent Firefox vulnerabilities
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Sep 20 17:00:58 2016 (r422521)
+++ head/security/vuxml/vuln.xml Tue Sep 20 17:01:30 2016 (r422522)
@@ -58,6 +58,86 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="2c57c47e-8bb3-4694-83c8-9fc3abad3964">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>49.0,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.46</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>45.4.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>45.4.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>45.4.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/">
+ <p>CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]</p>
+ <p>CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]</p>
+ <p>CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]</p>
+ <p>CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]</p>
+ <p>CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]</p>
+ <p>CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]</p>
+ <p>CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]</p>
+ <p>CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]</p>
+ <p>CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]</p>
+ <p>CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]</p>
+ <p>CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]</p>
+ <p>CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]</p>
+ <p>CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]</p>
+ <p>CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]</p>
+ <p>CVE-2016-5281 - use-after-free in DOMSVGLength [high]</p>
+ <p>CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]</p>
+ <p>CVE-2016-5283 - <iframe src> fragment timing attack can reveal cross-origin data [high]</p>
+ <p>CVE-2016-5284 - Add-on update site certificate pin expiration [high]</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2827</cvename>
+ <cvename>CVE-2016-5256</cvename>
+ <cvename>CVE-2016-5257</cvename>
+ <cvename>CVE-2016-5270</cvename>
+ <cvename>CVE-2016-5271</cvename>
+ <cvename>CVE-2016-5272</cvename>
+ <cvename>CVE-2016-5273</cvename>
+ <cvename>CVE-2016-5274</cvename>
+ <cvename>CVE-2016-5275</cvename>
+ <cvename>CVE-2016-5276</cvename>
+ <cvename>CVE-2016-5277</cvename>
+ <cvename>CVE-2016-5278</cvename>
+ <cvename>CVE-2016-5279</cvename>
+ <cvename>CVE-2016-5280</cvename>
+ <cvename>CVE-2016-5281</cvename>
+ <cvename>CVE-2016-5282</cvename>
+ <cvename>CVE-2016-5283</cvename>
+ <cvename>CVE-2016-5284</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-85/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-86/</url>
+ </references>
+ <dates>
+ <discovery>2016-09-13</discovery>
+ <entry>2016-09-20</entry>
+ </dates>
+ </vuln>
+
<vuln vid="653a8059-7c49-11e6-9242-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
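Review bot: The CVE-2016-5283 line in the blockquote carries a literal `<iframe src>` inside the XHTML body. An attribute with no value is not well-formed XML, so if that is what the file contains (and not an artifact of how the mail was rendered), the entry will not parse; write it as `&lt;iframe src&gt;`. Also, the blockquote cite names only mfsa2016-85 and uses the /en-US/ path, while the references list both mfsa2016-85 and mfsa2016-86 without it. Use one URL form throughout and make clear which advisory the quoted list comes from.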
@@ -537,6 +617,11 @@ Notes:
<range><lt>48.0,1</lt></range>
</package>
<package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.45</lt></range>
+ </package>
+ <package>
<name>firefox-esr</name>
<range><lt>45.3.0,1</lt></range>
</package>
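Review bot: The log message says only "Document recent Firefox vulnerabilities", but this hunk changes an already published entry by adding seamonkey and linux-seamonkey with `<lt>2.45</lt>` to its affected packages. Say so in the log, since anyone auditing why SeaMonkey installs older than 2.45 started being flagged on 2016-09-20 will search the history for it.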
@@ -653,6 +738,7 @@ Notes:
<dates>
<discovery>2016-08-02</discovery>
<entry>2016-09-07</entry>
+ <modified>2016-09-20</modified>
</dates>
</vuln>