FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6cec1b0a-da15-467d-8691-1dea392d4c8dmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2017-06-13
Entry 2017-06-13
Modified 2017-09-19
firefox
< 54.0,1

seamonkey
linux-seamonkey
< 2.49.1

firefox-esr
< 52.2.0,1

linux-firefox
< 52.2.0,2

libxul
thunderbird
linux-thunderbird
< 52.2.0

CVE-2017-5470
CVE-2017-5471
CVE-2017-5472
CVE-2017-7749
CVE-2017-7750
CVE-2017-7751
CVE-2017-7752
CVE-2017-7754
CVE-2017-7755
CVE-2017-7756
CVE-2017-7757
CVE-2017-7758
CVE-2017-7759
CVE-2017-7760
CVE-2017-7761
CVE-2017-7762
CVE-2017-7763
CVE-2017-7764
CVE-2017-7765
CVE-2017-7766
CVE-2017-7767
CVE-2017-7768
CVE-2017-7778
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
b7e23050-2d5d-4e61-9b48-62e89db222camozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data

CVE-2017-7844: Visited history information leak through SVG image


Discovery 2017-11-29
Entry 2017-12-05
firefox
ge 57.0,1 lt 57.0.1,1

< 56.0.2_11,1

waterfox
< 56.0.s20171130

seamonkey
linux-seamonkey
< 2.49.2

firefox-esr
< 52.5.1,1

linux-firefox
< 52.5.1,2

CVE-2017-7843
CVE-2017-7844
https://www.mozilla.org/security/advisories/mfsa2017-27/
c4f39920-781f-4aeb-b6af-17ed566c4272mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12386: Type confusion in JavaScript

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.

CVE-2018-12387:

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.


Discovery 2018-10-02
Entry 2018-10-02
Modified 2019-07-23
firefox
< 62.0.3,1

waterfox
< 56.2.4

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.2.2,1

linux-firefox
< 60.2.2,2

libxul
thunderbird
linux-thunderbird
< 60.2.2

CVE-2018-12386
CVE-2018-12387
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
cd81806c-26e7-4d4a-8425-02724a2f48afmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12359: Buffer overflow using computed size of canvas element

CVE-2018-12360: Use-after-free when using focus()

CVE-2018-12361: Integer overflow in SwizzleData

CVE-2018-12358: Same-origin bypass using service worker and redirection

CVE-2018-12362: Integer overflow in SSSE3 scaler

CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture

CVE-2018-12363: Use-after-free when appending DOM nodes

CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins

CVE-2018-12365: Compromised IPC child process can list local filenames

CVE-2018-12371: Integer overflow in Skia library during edge builder allocation

CVE-2018-12366: Invalid data handling during QCMS transformations

CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming

CVE-2018-12368: No warning when opening executable SettingContent-ms files

CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments

CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View

CVE-2018-5186: Memory safety bugs fixed in Firefox 61

CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1

CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9


Discovery 2018-06-26
Entry 2018-06-26
Modified 2018-07-07
firefox
< 61.0_1,1

waterfox
< 56.2.1.19_2

seamonkey
linux-seamonkey
< 2.49.4

firefox-esr
ge 60.0,1 lt 60.1.0_1,1

< 52.9.0_1,1

linux-firefox
< 52.9.0,2

libxul
thunderbird
linux-thunderbird
< 52.9.0

CVE-2018-12362
CVE-2018-5156
CVE-2018-5186
CVE-2018-5187
CVE-2018-5188
CVE-2018-12358
CVE-2018-12359
CVE-2018-12360
CVE-2018-12361
CVE-2018-12363
CVE-2018-12364
CVE-2018-12365
CVE-2018-12366
CVE-2018-12367
CVE-2018-12368
CVE-2018-12369
CVE-2018-12370
CVE-2018-12371
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
b1f7d52f-fc42-48e8-8403-87d4c9d26229mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-18500: Use-after-free parsing HTML5 stream

CVE-2018-18503: Memory corruption with Audio Buffer

CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer

CVE-2018-18505: Privilege escalation through IPC channel messages

CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied

CVE-2018-18502: Memory safety bugs fixed in Firefox 65

CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5


Discovery 2019-01-29
Entry 2019-01-29
Modified 2019-07-23
firefox
< 65.0_1,1

waterfox
< 56.2.7

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.5.0_1,1

linux-firefox
< 60.5.0,2

libxul
thunderbird
linux-thunderbird
< 60.5.0

CVE-2018-18500
CVE-2018-18501
CVE-2018-18502
CVE-2018-18503
CVE-2018-18504
CVE-2018-18505
CVE-2018-18506
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/
8429711b-76ca-474e-94a0-6b980f1e2d47mozilla -- Speculative execution side-channel attack

Mozilla Foundation reports:

Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web page could read data from other web sites (violating the same-origin policy) or private data from the browser itself.

Since this new class of attacks involves measuring precise time intervals, as a parti al, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of performance.now() has been reduced from 5μs to 20μs, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer.


Discovery 2018-01-04
Entry 2018-01-05
firefox
< 57.0.4,1

waterfox
< 56.0.2

https://www.mozilla.org/security/advisories/mfsa2018-01/
d1853110-07f4-4645-895b-6fd462ad0589mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2016-11-15
Entry 2016-11-16
firefox
< 50.0_1,1

seamonkey
linux-seamonkey
< 2.47

firefox-esr
< 45.5.0,1

linux-firefox
< 45.5.0,2

libxul
thunderbird
linux-thunderbird
< 45.5.0

CVE-2016-5289
CVE-2016-5290
CVE-2016-5291
CVE-2016-5292
CVE-2016-5293
CVE-2016-5294
CVE-2016-5295
CVE-2016-5296
CVE-2016-5297
CVE-2016-5298
CVE-2016-5299
CVE-2016-9061
CVE-2016-9062
CVE-2016-9063
CVE-2016-9064
CVE-2016-9065
CVE-2016-9066
CVE-2016-9067
CVE-2016-9068
CVE-2016-9070
CVE-2016-9071
CVE-2016-9072
CVE-2016-9073
CVE-2016-9074
CVE-2016-9075
CVE-2016-9076
CVE-2016-9077
https://www.mozilla.org/security/advisories/mfsa2016-89/
https://www.mozilla.org/security/advisories/mfsa2016-90/
0cea6e0a-7a39-4dac-b3ec-dbc13d404f76mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2019-11707: Type confusion in Array.pop

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.


Discovery 2019-06-18
Entry 2019-06-19
Modified 2019-06-20
firefox
< 67.0.3,1

waterfox
< 56.2.11

firefox-esr
< 60.7.1,1

CVE-2019-11707
https://www.mozilla.org/security/advisories/mfsa2019-18/
2c57c47e-8bb3-4694-83c8-9fc3abad3964mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -