FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-07 08:40:34 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5e4d7172-66b8-11ef-b104-b42e991fc52e	firefox -- multiple vulnerabilities security@mozilla.org reports: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. Discovery 2024-08-06 Entry 2024-08-30 firefox < 129.0,2 CVE-2024-7524 https://nvd.nist.gov/vuln/detail/CVE-2024-7524 CVE-2024-6610 https://nvd.nist.gov/vuln/detail/CVE-2024-6610 CVE-2024-6609 https://nvd.nist.gov/vuln/detail/CVE-2024-6609 CVE-2024-6608 https://nvd.nist.gov/vuln/detail/CVE-2024-6608

VuXML ID

Description

5e4d7172-66b8-11ef-b104-b42e991fc52e

firefox -- multiple vulnerabilities

security@mozilla.org reports:

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection.

Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode.

When almost out-of-memory an elliptic curve key which was never allocated could have been freed again.

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window.

Discovery 2024-08-06
Entry 2024-08-30
firefox

< 129.0,2

CVE-2024-7524
https://nvd.nist.gov/vuln/detail/CVE-2024-7524
CVE-2024-6610
https://nvd.nist.gov/vuln/detail/CVE-2024-6610
CVE-2024-6609
https://nvd.nist.gov/vuln/detail/CVE-2024-6609
CVE-2024-6608
https://nvd.nist.gov/vuln/detail/CVE-2024-6608