diff options
| author | Jan Beich <jbeich@FreeBSD.org> | 2017-04-20 02:24:45 +0000 |
|---|---|---|
| committer | Jan Beich <jbeich@FreeBSD.org> | 2017-04-20 02:24:45 +0000 |
| commit | d472c92435adb540ec6b8099edc4b20de133db61 (patch) | |
| tree | a7a33b062370b3c890c9499d1f401d26a271fc6d /security | |
| parent | 98a0f5eb651098d1652c0166df1b5bcd22f332af (diff) | |
| download | ports-d472c92435adb540ec6b8099edc4b20de133db61.tar.gz ports-d472c92435adb540ec6b8099edc4b20de133db61.zip | |
security/vuxml: mark firefox < 53 as vulnerable
Notes
Notes:
svn path=/head/; revision=438922
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b7e234515e59..5b2d229924ef 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,136 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="5e0a038a-ca30-416d-a2f5-38cbf5e7df33"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>53.0_2,1</lt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>2.50</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><ge>46.0,1</ge><lt>52.1.0_2,1</lt></range> + <range><lt>45.9.0,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><ge>46.0,2</ge><lt>52.1.0,2</lt></range> + <range><lt>45.9.0,2</lt></range> + </package> + <package> + <name>libxul</name> + <range><ge>46.0</ge><lt>52.1.0</lt></range> + <range><lt>45.9.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <range><ge>46.0</ge><lt>52.1.0</lt></range> + <range><lt>45.9.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Foundation reports:</p> + <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/"> + <p>CVE-2017-5433: Use-after-free in SMIL animation functions</p> + <p>CVE-2017-5435: Use-after-free during transaction processing in the editor</p> + <p>CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2</p> + <p>CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS</p> + <p>CVE-2017-5459: Buffer overflow in WebGL</p> + <p>CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL</p> + <p>CVE-2017-5434: Use-after-free during focus handling</p> + <p>CVE-2017-5432: Use-after-free in text input selection</p> + <p>CVE-2017-5460: Use-after-free in frame selection</p> + <p>CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing</p> + <p>CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing</p> + <p>CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing</p> + <p>CVE-2017-5441: Use-after-free with selection during scroll events</p> + <p>CVE-2017-5442: Use-after-free during style changes</p> + <p>CVE-2017-5464: Memory corruption with accessibility and DOM manipulation</p> + <p>CVE-2017-5443: Out-of-bounds write during BinHex decoding</p> + <p>CVE-2017-5444: Buffer overflow while parsing application/http-index-format content</p> + <p>CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data</p> + <p>CVE-2017-5447: Out-of-bounds read during glyph processing</p> + <p>CVE-2017-5465: Out-of-bounds read in ConvolvePixel</p> + <p>CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor</p> + <p>CVE-2017-5437: Vulnerabilities in Libevent library</p> + <p>CVE-2017-5454: Sandbox escape allowing file system read access through file picker</p> + <p>CVE-2017-5455: Sandbox escape through internal feed reader APIs</p> + <p>CVE-2017-5456: Sandbox escape allowing local file system access</p> + <p>CVE-2017-5469: Potential Buffer overflow in flex-generated code</p> + <p>CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content</p> + <p>CVE-2017-5449: Crash during bidirectional unicode manipulation with animation</p> + <p>CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android</p> + <p>CVE-2017-5451: Addressbar spoofing with onblur event</p> + <p>CVE-2017-5462: DRBG flaw in NSS</p> + <p>CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android</p> + <p>CVE-2017-5467: Memory corruption when drawing Skia content</p> + <p>CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android</p> + <p>CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element</p> + <p>CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS</p> + <p>CVE-2017-5468: Incorrect ownership model for Private Browsing information</p> + <p>CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1</p> + <p>CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-5433</cvename> + <cvename>CVE-2017-5435</cvename> + <cvename>CVE-2017-5436</cvename> + <cvename>CVE-2017-5461</cvename> + <cvename>CVE-2017-5459</cvename> + <cvename>CVE-2017-5466</cvename> + <cvename>CVE-2017-5434</cvename> + <cvename>CVE-2017-5432</cvename> + <cvename>CVE-2017-5460</cvename> + <cvename>CVE-2017-5438</cvename> + <cvename>CVE-2017-5439</cvename> + <cvename>CVE-2017-5440</cvename> + <cvename>CVE-2017-5441</cvename> + <cvename>CVE-2017-5442</cvename> + <cvename>CVE-2017-5464</cvename> + <cvename>CVE-2017-5443</cvename> + <cvename>CVE-2017-5444</cvename> + <cvename>CVE-2017-5446</cvename> + <cvename>CVE-2017-5447</cvename> + <cvename>CVE-2017-5465</cvename> + <cvename>CVE-2017-5448</cvename> + <cvename>CVE-2017-5437</cvename> + <cvename>CVE-2017-5454</cvename> + <cvename>CVE-2017-5455</cvename> + <cvename>CVE-2017-5456</cvename> + <cvename>CVE-2017-5469</cvename> + <cvename>CVE-2017-5445</cvename> + <cvename>CVE-2017-5449</cvename> + <cvename>CVE-2017-5450</cvename> + <cvename>CVE-2017-5451</cvename> + <cvename>CVE-2017-5462</cvename> + <cvename>CVE-2017-5463</cvename> + <cvename>CVE-2017-5467</cvename> + <cvename>CVE-2017-5452</cvename> + <cvename>CVE-2017-5453</cvename> + <cvename>CVE-2017-5458</cvename> + <cvename>CVE-2017-5468</cvename> + <cvename>CVE-2017-5430</cvename> + <cvename>CVE-2017-5429</cvename> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/</url> + </references> + <dates> + <discovery>2017-04-19</discovery> + <entry>2017-04-19</entry> + </dates> + </vuln> + <vuln vid="d9e01c35-2531-11e7-b291-b499baebfeaf"> <topic>MySQL -- mulitiple vulnerabilities</topic> <affects> |