svn commit: r427376 - head/security/vuxml
Jan Beich
jbeich at FreeBSD.org
Tue Nov 29 12:50:24 UTC 2016
Author: jbeich
Date: Tue Nov 29 12:50:22 2016
New Revision: 427376
URL: https://svnweb.freebsd.org/changeset/ports/427376
Log:
security/vuxml: mark www/firefox < 50.0.1,1 as vulnerable
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Nov 29 11:01:54 2016 (r427375)
+++ head/security/vuxml/vuln.xml Tue Nov 29 12:50:22 2016 (r427376)
@@ -58,6 +58,37 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f90fce70-ecfa-4f4d-9ee8-c476dbf4bf0e">
+ <topic>mozilla -- data: URL can inherit wrong origin after an HTTP redirect</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>50.0.1,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/">
+ <p>Redirection from an HTTP connection to a data: URL
+ assigns the referring site's origin to the data: URL in some
+ circumstances. This can result in same-origin violations
+ against a domain if it loads resources from malicious
+ sites. Cross-origin setting of cookies has been demonstrated
+ without the ability to read them.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9078</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-91/</url>
+ </references>
+ <dates>
+ <discovery>2016-11-28</discovery>
+ <entry>2016-11-29</entry>
+ </dates>
+ </vuln>
+
<vuln vid="125f5958-b611-11e6-a9a5-b499baebfeaf">
<topic>Roundcube -- arbitrary command execution</topic>
<affects>
More information about the svn-ports-head
mailing list