FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
42c98cef-62b1-4b8b-9065-f4621e08d526libvpx -- out-of-bounds write

The Mozilla Project reports:

Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback.


Discovery 2014-10-14
Entry 2015-08-12
libvpx
< 1.4.0

firefox
< 33.0,1

firefox-esr
< 31.1.2,1

linux-firefox
< 33.0,1

linux-seamonkey
< 2.30

linux-thunderbird
< 31.1.2

seamonkey
< 2.30

thunderbird
< 31.1.2

libxul
< 31.1.2

CVE-2014-1578
https://www.mozilla.org/security/advisories/mfsa2014-77/
https://hg.mozilla.org/releases/mozilla-esr31/rev/6023f0b4f8ba
b7e23050-2d5d-4e61-9b48-62e89db222camozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data

CVE-2017-7844: Visited history information leak through SVG image


Discovery 2017-11-29
Entry 2017-12-05
firefox
ge 57.0,1 lt 57.0.1,1

< 56.0.2_11,1

waterfox
< 56.0.s20171130

seamonkey
linux-seamonkey
< 2.49.2

firefox-esr
< 52.5.1,1

linux-firefox
< 52.5.1,2

CVE-2017-7843
CVE-2017-7844
https://www.mozilla.org/security/advisories/mfsa2017-27/
2c57c47e-8bb3-4694-83c8-9fc3abad3964mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -