FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-07-18 21:06:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
201cccc1-4a01-11f0-b0f8-b42e991fc52e	Mozilla -- control access bypass security@mozilla.org reports: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. Discovery 2025-04-29 Entry 2025-06-15 firefox < 138.0,2 firefox-esr < 128.10 thunderbird < 128.0 CVE-2025-2817 https://nvd.nist.gov/vuln/detail/CVE-2025-2817

VuXML ID

Description

201cccc1-4a01-11f0-b0f8-b42e991fc52e

Mozilla -- control access bypass

security@mozilla.org reports:

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.

Discovery 2025-04-29
Entry 2025-06-15
firefox

< 138.0,2

firefox-esr

< 128.10

thunderbird

< 128.0

CVE-2025-2817
https://nvd.nist.gov/vuln/detail/CVE-2025-2817