FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-06-07 10:36:35 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
12bd6ecf-c430-11db-95c5-000c6ec775d9	mozilla -- multiple vulnerabilities The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2007-08 onUnload + document.write() memory corruption MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow MFSA 2007-05 XSS and local file access by opening blocked popups MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot MFSA 2007-03 Information disclosure through cache collisions MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2) Discovery 2007-02-23 Entry 2007-02-24 Modified 2007-04-19 firefox < 1.5.0.10,1 gt 2.*,1 lt 2.0.0.2,1 linux-firefox < 1.5.0.10 lightning < 0.3.1 seamonkey linux-seamonkey < 1.0.8 ge 1.1 lt 1.1.1 thunderbird linux-thunderbird mozilla-thunderbird < 1.5.0.10 linux-firefox-devel < 3.0.a2007.04.18 linux-seamonkey-devel < 1.5.a2007.04.18 firefox-ja linux-mozilla-devel linux-mozilla mozilla gt 0 CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0776 CVE-2007-0777 CVE-2007-0778 CVE-2007-0779 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0995 CVE-2007-1092 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483 http://www.mozilla.org/security/announce/2007/mfsa2007-01.html http://www.mozilla.org/security/announce/2007/mfsa2007-02.html http://www.mozilla.org/security/announce/2007/mfsa2007-03.html http://www.mozilla.org/security/announce/2007/mfsa2007-04.html http://www.mozilla.org/security/announce/2007/mfsa2007-05.html http://www.mozilla.org/security/announce/2007/mfsa2007-06.html http://www.mozilla.org/security/announce/2007/mfsa2007-07.html http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
3ce8c7e2-66cf-11dc-b25f-02e0185f8d72	mozilla -- code execution via Quicktime media-link files The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browser with arbitrary command-line options. This could allow the attacker to install malware, steal local data and possibly execute and/or do other arbitrary things within the users context. Discovery 2007-09-18 Entry 2007-09-19 Modified 2007-12-14 firefox < 2.0.0.7,1 linux-firefox < 2.0.0.7 seamonkey linux-seamonkey < 1.1.5 linux-firefox-devel < 3.0.a2007.12.12 linux-seamonkey-devel < 2.0.a2007.12.12 firefox-ja linux-mozilla-devel linux-mozilla mozilla gt 0 CVE-2006-4965 http://www.mozilla.org/security/announce/2007/mfsa2007-28.html
e190ca65-3636-11dc-a697-000c6ec775d9	mozilla -- multiple vulnerabilities The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2007-25 XPCNativeWrapper pollution MFSA 2007-24 Unauthorized access to wyciwyg:// documents MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document MFSA 2007-20 Frame spoofing while window is loading MFSA 2007-19 XSS using addEventListener and setTimeout MFSA 2007-18 Crashes with evidence of memory corruption Discovery 2007-07-17 Entry 2007-07-19 Modified 2008-06-21 firefox < 2.0.0.5,1 gt 3.*,1 lt 3.0.a2_3,1 linux-firefox linux-thunderbird mozilla-thunderbird thunderbird < 2.0.0.5 seamonkey linux-seamonkey < 1.1.3 linux-firefox-devel < 3.0.a2007.12.12 linux-seamonkey-devel < 2.0.a2007.12.12 firefox-ja linux-mozilla-devel linux-mozilla mozilla gt 0 CVE-2007-3738 CVE-2007-3089 CVE-2007-3734 CVE-2007-3735 CVE-2007-3737 http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5 http://www.mozilla.org/security/announce/2007/mfsa2007-18.html http://www.mozilla.org/security/announce/2007/mfsa2007-19.html http://www.mozilla.org/security/announce/2007/mfsa2007-20.html http://www.mozilla.org/security/announce/2007/mfsa2007-21.html http://www.mozilla.org/security/announce/2007/mfsa2007-24.html http://www.mozilla.org/security/announce/2007/mfsa2007-25.html TA07-199A

VuXML ID

Description

12bd6ecf-c430-11db-95c5-000c6ec775d9

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.

MFSA 2007-08 onUnload + document.write() memory corruption

MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks

MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow

MFSA 2007-05 XSS and local file access by opening blocked popups

MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot

MFSA 2007-03 Information disclosure through cache collisions

MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks

MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

Discovery 2007-02-23
Entry 2007-02-24
Modified 2007-04-19
firefox

< 1.5.0.10,1

gt 2.*,1 lt 2.0.0.2,1

linux-firefox

< 1.5.0.10

lightning

< 0.3.1

seamonkey
linux-seamonkey

< 1.0.8

ge 1.1 lt 1.1.1

thunderbird
linux-thunderbird
mozilla-thunderbird

< 1.5.0.10

linux-firefox-devel

< 3.0.a2007.04.18

linux-seamonkey-devel

< 1.5.a2007.04.18

firefox-ja
linux-mozilla-devel
linux-mozilla
mozilla

gt 0

CVE-2006-6077
CVE-2007-0008
CVE-2007-0009
CVE-2007-0775
CVE-2007-0776
CVE-2007-0777
CVE-2007-0778
CVE-2007-0779
CVE-2007-0780
CVE-2007-0800
CVE-2007-0981
CVE-2007-0995
CVE-2007-1092
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
http://www.mozilla.org/security/announce/2007/mfsa2007-08.html

3ce8c7e2-66cf-11dc-b25f-02e0185f8d72

mozilla -- code execution via Quicktime media-link files

The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browser with arbitrary command-line options. This could allow the attacker to install malware, steal local data and possibly execute and/or do other arbitrary things within the users context.

Discovery 2007-09-18
Entry 2007-09-19
Modified 2007-12-14
firefox

< 2.0.0.7,1

linux-firefox

< 2.0.0.7

seamonkey
linux-seamonkey

< 1.1.5

linux-firefox-devel

< 3.0.a2007.12.12

linux-seamonkey-devel

< 2.0.a2007.12.12

firefox-ja
linux-mozilla-devel
linux-mozilla
mozilla

gt 0

CVE-2006-4965
http://www.mozilla.org/security/announce/2007/mfsa2007-28.html

e190ca65-3636-11dc-a697-000c6ec775d9

mozilla -- multiple vulnerabilities

MFSA 2007-25 XPCNativeWrapper pollution

MFSA 2007-24 Unauthorized access to wyciwyg:// documents

MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document

MFSA 2007-20 Frame spoofing while window is loading

MFSA 2007-19 XSS using addEventListener and setTimeout

MFSA 2007-18 Crashes with evidence of memory corruption

Discovery 2007-07-17
Entry 2007-07-19
Modified 2008-06-21
firefox

< 2.0.0.5,1

gt 3.*,1 lt 3.0.a2_3,1

linux-firefox
linux-thunderbird
mozilla-thunderbird
thunderbird

< 2.0.0.5

seamonkey
linux-seamonkey

< 1.1.3

linux-firefox-devel

< 3.0.a2007.12.12

linux-seamonkey-devel

< 2.0.a2007.12.12

firefox-ja
linux-mozilla-devel
linux-mozilla
mozilla

gt 0

CVE-2007-3738
CVE-2007-3089
CVE-2007-3734
CVE-2007-3735
CVE-2007-3737
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5
http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
http://www.mozilla.org/security/announce/2007/mfsa2007-20.html
http://www.mozilla.org/security/announce/2007/mfsa2007-21.html
http://www.mozilla.org/security/announce/2007/mfsa2007-24.html
http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
TA07-199A