svn commit: r426187 - head/security/vuxml
Jan Beich
jbeich at FreeBSD.org
Tue Nov 15 22:02:55 UTC 2016
Author: jbeich
Date: Tue Nov 15 22:02:53 2016
New Revision: 426187
URL: https://svnweb.freebsd.org/changeset/ports/426187
Log:
security/vuxml: add entry for r425098, r425099, r425470
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Nov 15 21:57:16 2016 (r426186)
+++ head/security/vuxml/vuln.xml Tue Nov 15 22:02:53 2016 (r426187)
@@ -58,6 +58,104 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="d1853110-07f4-4645-895b-6fd462ad0589">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>50.0_1,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.47</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>45.5.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>45.5.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>45.5.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/">
+ <p>CVE-2016-5289: Memory safety bugs fixed in Firefox 50</p>
+ <p>CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5</p>
+ <p>CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file</p>
+ <p>CVE-2016-5292: URL parsing causes crash</p>
+ <p>CVE-2016-5293: Write to arbitrary file with updater and moz maintenance service using updater.log h</p>
+ <p>CVE-2016-5294: Arbitrary target directory for result files of update process</p>
+ <p>CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM</p>
+ <p>CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1</p>
+ <p>CVE-2016-5297: Incorrect argument length checking in Javascript</p>
+ <p>CVE-2016-5298: SSL indicator can mislead the user about the real URL visited</p>
+ <p>CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an app</p>
+ <p>CVE-2016-9061: API Key (glocation) in broadcast protected with signature-level permission can be accessed by an a</p>
+ <p>CVE-2016-9062: Private browsing browser traces (android) in browser.db and wal file</p>
+ <p>CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat</p>
+ <p>CVE-2016-9064: Addons update must verify IDs match between current and new versions</p>
+ <p>CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen</p>
+ <p>CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler</p>
+ <p>CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore</p>
+ <p>CVE-2016-9068: heap-use-after-free in nsRefreshDriver</p>
+ <p>CVE-2016-9070: Sidebar bookmark can have reference to chrome window</p>
+ <p>CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP</p>
+ <p>CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile</p>
+ <p>CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"</p>
+ <p>CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler</p>
+ <p>CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges</p>
+ <p>CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s</p>
+ <p>CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing atta</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-5289</cvename>
+ <cvename>CVE-2016-5290</cvename>
+ <cvename>CVE-2016-5291</cvename>
+ <cvename>CVE-2016-5292</cvename>
+ <cvename>CVE-2016-5293</cvename>
+ <cvename>CVE-2016-5294</cvename>
+ <cvename>CVE-2016-5295</cvename>
+ <cvename>CVE-2016-5296</cvename>
+ <cvename>CVE-2016-5297</cvename>
+ <cvename>CVE-2016-5298</cvename>
+ <cvename>CVE-2016-5299</cvename>
+ <cvename>CVE-2016-9061</cvename>
+ <cvename>CVE-2016-9062</cvename>
+ <cvename>CVE-2016-9063</cvename>
+ <cvename>CVE-2016-9064</cvename>
+ <cvename>CVE-2016-9065</cvename>
+ <cvename>CVE-2016-9066</cvename>
+ <cvename>CVE-2016-9067</cvename>
+ <cvename>CVE-2016-9068</cvename>
+ <cvename>CVE-2016-9070</cvename>
+ <cvename>CVE-2016-9071</cvename>
+ <cvename>CVE-2016-9072</cvename>
+ <cvename>CVE-2016-9073</cvename>
+ <cvename>CVE-2016-9074</cvename>
+ <cvename>CVE-2016-9075</cvename>
+ <cvename>CVE-2016-9076</cvename>
+ <cvename>CVE-2016-9077</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-89/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-90/</url>
+ </references>
+ <dates>
+ <discovery>2016-11-15</discovery>
+ <entry>2016-11-16</entry>
+ </dates>
+ </vuln>
+
<vuln vid="a8e9d834-a916-11e6-b9b4-bcaec524bf84">
<topic>lives -- insecure files permissions</topic>
<affects>
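Review bot: Three of the quoted advisory titles in the blockquote are cut off mid-word: CVE-2016-5293 ends in "updater.log h", CVE-2016-9061 in "accessed by an a", and CVE-2016-9077 in "timing atta". Restore the full titles from the advisory or cut them at a word boundary, so the entry reads cleanly in tools that render the description. The blockquote's cite attribute also points only at mfsa2016-89, and uses an /en-US/ path that the url elements under references do not, while references lists both mfsa2016-89 and mfsa2016-90. The affects block includes the 45.5.0 ESR-based packages, yet titles such as CVE-2016-5289 say "fixed in Firefox 50" only. Consider a second blockquote citing mfsa2016-90, or a short note saying which CVEs apply to the 45.5.0 ranges.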