FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6a09c80e-6ec7-442a-bc65-d72ce69fd887mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9

CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin

CVE-2017-7847: Local path string can be leaked from RSS feed

CVE-2017-7848: RSS Feed vulnerable to new line Injection

CVE-2017-7829: Mailsploit part 1: From address with encoded null character is cut off in message header display


Discovery 2017-12-22
Entry 2017-12-25
thunderbird
linux-thunderbird
< 52.5.2

CVE-2017-7829
CVE-2017-7845
CVE-2017-7846
CVE-2017-7847
CVE-2017-7848
https://www.mozilla.org/security/advisories/mfsa2017-30/
7943794f-707f-4e31-9fea-3bbf1ddcedc1mozilla -- multiple vulnerabilities

The Mozilla Foundation reports:

CVE-2018-5146: Out of bounds memory write in libvorbis

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

CVE-2018-5147: Out of bounds memory write in libtremor

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.


Discovery 2018-03-16
Entry 2018-03-16
Modified 2018-03-31
libvorbis
< 1.3.6,3

libtremor
< 1.2.1.s20180316

firefox
< 59.0.1,1

waterfox
< 56.0.4.36_3

seamonkey
linux-seamonkey
< 2.49.3

firefox-esr
< 52.7.2,1

linux-firefox
< 52.7.2,2

libxul
< 52.7.3

thunderbird
linux-thunderbird
< 52.7.0

CVE-2018-5146
CVE-2018-5147
https://www.mozilla.org/security/advisories/mfsa2018-08/
https://www.mozilla.org/security/advisories/mfsa2018-09/
92d44f83-a7bf-41cf-91ee-3d1b8ecf579fmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

MFSA 2016-42 Use-after-free and buffer overflow in Service Workers

MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets

MFSA 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace

MFSA 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions

MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch()

MFSA 2016-48 Firefox Health Reports could accept events from untrusted domains


Discovery 2016-04-26
Entry 2016-04-26
firefox
linux-firefox
< 46.0,1

seamonkey
linux-seamonkey
< 2.43

firefox-esr
ge 39.0,1 lt 45.1.0,1

< 38.8.0,1

libxul
thunderbird
linux-thunderbird
ge 39.0 lt 45.1.0

< 38.8.0

CVE-2016-2804
CVE-2016-2805
CVE-2016-2806
CVE-2016-2807
CVE-2016-2808
CVE-2016-2811
CVE-2016-2812
CVE-2016-2814
CVE-2016-2816
CVE-2016-2817
CVE-2016-2820
https://www.mozilla.org/security/advisories/mfsa2016-39/
https://www.mozilla.org/security/advisories/mfsa2016-42/
https://www.mozilla.org/security/advisories/mfsa2016-44/
https://www.mozilla.org/security/advisories/mfsa2016-45/
https://www.mozilla.org/security/advisories/mfsa2016-46/
https://www.mozilla.org/security/advisories/mfsa2016-47/
https://www.mozilla.org/security/advisories/mfsa2016-48/
5e0a038a-ca30-416d-a2f5-38cbf5e7df33mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2017-04-19
Entry 2017-04-19
Modified 2017-09-19
firefox
< 53.0_2,1

seamonkey
linux-seamonkey
< 2.49.1

firefox-esr
ge 46.0,1 lt 52.1.0_2,1

< 45.9.0,1

linux-firefox
ge 46.0,2 lt 52.1.0,2

< 45.9.0,2

libxul
ge 46.0 lt 52.1.0

< 45.9.0

thunderbird
linux-thunderbird
ge 46.0 lt 52.1.0

< 45.9.0

CVE-2017-5433
CVE-2017-5435
CVE-2017-5436
CVE-2017-5461
CVE-2017-5459
CVE-2017-5466
CVE-2017-5434
CVE-2017-5432
CVE-2017-5460
CVE-2017-5438
CVE-2017-5439
CVE-2017-5440
CVE-2017-5441
CVE-2017-5442
CVE-2017-5464
CVE-2017-5443
CVE-2017-5444
CVE-2017-5446
CVE-2017-5447
CVE-2017-5465
CVE-2017-5448
CVE-2017-5437
CVE-2017-5454
CVE-2017-5455
CVE-2017-5456
CVE-2017-5469
CVE-2017-5445
CVE-2017-5449
CVE-2017-5450
CVE-2017-5451
CVE-2017-5462
CVE-2017-5463
CVE-2017-5467
CVE-2017-5452
CVE-2017-5453
CVE-2017-5458
CVE-2017-5468
CVE-2017-5430
CVE-2017-5429
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/
512c0ffd-cd39-4da4-b2dc-81ff4ba8e238mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-9894: Buffer overflow in SkiaGL

CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements

CVE-2016-9895: CSP bypass using marquee tag

CVE-2016-9896: Use-after-free with WebVR

CVE-2016-9897: Memory corruption in libGLES

CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees

CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs

CVE-2016-9904: Cross-origin information leak in shared atoms

CVE-2016-9901: Data from Pocket server improperly sanitized before execution

CVE-2016-9902: Pocket extension does not validate the origin of events

CVE-2016-9903: XSS injection vulnerability in add-ons SDK

CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1

CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6


Discovery 2016-12-13
Entry 2016-12-14
firefox
< 50.1.0_1,1

seamonkey
linux-seamonkey
< 2.47

firefox-esr
< 45.6.0,1

linux-firefox
< 45.6.0,2

libxul
thunderbird
linux-thunderbird
< 45.6.0

CVE-2016-9894
CVE-2016-9899
CVE-2016-9895
CVE-2016-9896
CVE-2016-9897
CVE-2016-9898
CVE-2016-9900
CVE-2016-9904
CVE-2016-9901
CVE-2016-9902
CVE-2016-9903
CVE-2016-9080
CVE-2016-9893
https://www.mozilla.org/security/advisories/mfsa2016-94/
https://www.mozilla.org/security/advisories/mfsa2016-95/
2c57c47e-8bb3-4694-83c8-9fc3abad3964mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -