FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
79c68ef7-c8ae-4ade-91b4-4b8221b7c72afirefox -- Cross-origin restriction bypass using Fetch

Firefox Developers report:

Security researcher Abdulrahman Alqabandi reported that the fetch() API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue.


Discovery 2015-10-15
Entry 2015-10-16
firefox
< 41.0.2,1

linux-firefox
< 41.0.2,1

https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/
CVE-2015-7184
8eee06d4-c21d-4f07-a669-455151ff426fmozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-78 Same origin violation and local file stealing via PDF reader


Discovery 2015-08-06
Entry 2015-08-07
firefox
< 39.0.3,1

linux-firefox
< 39.0.3,1

firefox-esr
< 38.1.1,1

CVE-2015-4495
https://www.mozilla.org/security/advisories/mfsa2015-78/
1098a15b-b0f6-42b7-b5c7-8a8646e8be07mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2017-7793: Use-after-free with Fetch API

CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode

CVE-2017-7818: Use-after-free during ARIA array manipulation

CVE-2017-7819: Use-after-free while resizing images in design mode

CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE

CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes

CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files

CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings

CVE-2017-7813: Integer truncation in the JavaScript parser

CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces

CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations

CVE-2017-7816: WebExtensions can load about: URLs in extension UI

CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction

CVE-2017-7823: CSP sandbox directive did not create a unique origin

CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV

CVE-2017-7820: Xray wrapper bypass with new tab and web console

CVE-2017-7811: Memory safety bugs fixed in Firefox 56

CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4


Discovery 2017-09-28
Entry 2017-09-29
Modified 2017-10-03
firefox
< 56.0,1

seamonkey
linux-seamonkey
< 2.49.1

firefox-esr
< 52.4.0,1

linux-firefox
< 52.4.0,2

libxul
thunderbird
linux-thunderbird
< 52.4.0

CVE-2017-7793
CVE-2017-7805
CVE-2017-7810
CVE-2017-7811
CVE-2017-7812
CVE-2017-7813
CVE-2017-7814
CVE-2017-7815
CVE-2017-7816
CVE-2017-7817
CVE-2017-7818
CVE-2017-7819
CVE-2017-7820
CVE-2017-7821
CVE-2017-7822
CVE-2017-7823
CVE-2017-7824
CVE-2017-7825
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
76ff65f4-17ca-4d3f-864a-a3d6026194fbmozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA-2015-28 Privilege escalation through SVG navigation

MFSA-2015-29 Code execution through incorrect JavaScript bounds checking elimination


Discovery 2015-03-20
Entry 2015-03-22
firefox
< 36.0.4,1

firefox-esr
< 31.5.3,1

linux-firefox
< 36.0.4,1

linux-seamonkey
< 2.33.1

seamonkey
< 2.33.1

libxul
< 31.5.3

CVE-2015-0817
CVE-2015-0818
https://www.mozilla.org/security/advisories/mfsa2015-28/
https://www.mozilla.org/security/advisories/mfsa2015-29/
https://www.mozilla.org/security/advisories/
1bcfd963-e483-41b8-ab8e-bad5c3ce49c9brotli -- buffer overflow

Google Chrome Releases reports:

[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.

Mozilla Foundation reports:

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.


Discovery 2016-02-08
Entry 2016-03-08
Modified 2016-03-08
brotli
ge 0.3.0 lt 0.3.0_1

< 0.2.0_2

libbrotli
< 0.3.0_3

chromium
chromium-npapi
chromium-pulse
< 48.0.2564.109

firefox
linux-firefox
< 45.0,1

seamonkey
linux-seamonkey
< 2.42

firefox-esr
< 38.7.0,1

libxul
thunderbird
linux-thunderbird
< 38.7.0

CVE-2016-1624
CVE-2016-1968
https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/
https://www.mozilla.org/security/advisories/mfsa2016-30/
https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e
aa1aefe3-6e37-47db-bfda-343ef4acb1b5Mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2016-08-02
Entry 2016-09-07
Modified 2016-09-20
firefox
< 48.0,1

seamonkey
linux-seamonkey
< 2.45

firefox-esr
< 45.3.0,1

linux-firefox
< 45.3.0,2

libxul
thunderbird
linux-thunderbird
< 45.3.0

CVE-2016-0718
CVE-2016-2830
CVE-2016-2835
CVE-2016-2836
CVE-2016-2837
CVE-2016-2838
CVE-2016-2839
CVE-2016-5250
CVE-2016-5251
CVE-2016-5252
CVE-2016-5253
CVE-2016-5254
CVE-2016-5255
CVE-2016-5258
CVE-2016-5259
CVE-2016-5260
CVE-2016-5261
CVE-2016-5262
CVE-2016-5263
CVE-2016-5264
CVE-2016-5265
CVE-2016-5266
CVE-2016-5267
CVE-2016-5268
https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
c71cdc95-3c18-45b7-866a-af28b59aabb5mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList

CVE-2018-5128: Use-after-free manipulating editor selection ranges

CVE-2018-5129: Out-of-bounds write with malformed IPC messages

CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption

CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources

CVE-2018-5132: WebExtension Find API can search privileged pages

CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized

CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions

CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts

CVE-2018-5136: Same-origin policy violation with data: URL shared workers

CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources

CVE-2018-5138: Android Custom Tab address spoofing through long domain names

CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol

CVE-2018-5141: DOS attack through notifications Push API

CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs

CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar

CVE-2018-5126: Memory safety bugs fixed in Firefox 59

CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7


Discovery 2018-03-13
Entry 2018-03-13
Modified 2018-03-16
firefox
< 59.0_1,1

waterfox
< 56.0.4.36_3

seamonkey
linux-seamonkey
< 2.49.3

firefox-esr
< 52.7.0,1

linux-firefox
< 52.7.0,2

libxul
thunderbird
linux-thunderbird
< 52.7.0

CVE-2018-5125
CVE-2018-5126
CVE-2018-5127
CVE-2018-5128
CVE-2018-5129
CVE-2018-5130
CVE-2018-5131
CVE-2018-5132
CVE-2018-5133
CVE-2018-5134
CVE-2018-5135
CVE-2018-5136
CVE-2018-5137
CVE-2018-5138
CVE-2018-5140
CVE-2018-5141
CVE-2018-5142
CVE-2018-5143
https://www.mozilla.org/security/advisories/mfsa2018-06/
https://www.mozilla.org/security/advisories/mfsa2018-07/
2225c5b4-1e5a-44fc-9920-b3201c384a15mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports

MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages

MFSA 2016-19 Linux video memory DOS with Intel drivers

MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing

MFSA 2016-21 Displayed page address can be overridden

MFSA 2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager

MFSA 2016-23 Use-after-free in HTML5 string parser

MFSA 2016-24 Use-after-free in SetBody

MFSA 2016-25 Use-after-free when using multiple WebRTC data channels

MFSA 2016-26 Memory corruption when modifying a file being read by FileReader

MFSA 2016-27 Use-after-free during XML transformations

MFSA 2016-28 Addressbar spoofing though history navigation and Location protocol property

MFSA 2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore

MFSA 2016-31 Memory corruption with malicious NPAPI plugin

MFSA 2016-32 WebRTC and LibVPX vulnerabilities found through code inspection

MFSA 2016-33 Use-after-free in GetStaticInstance in WebRTC

MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation


Discovery 2016-03-08
Entry 2016-03-08
Modified 2016-03-08
firefox
linux-firefox
< 45.0,1

seamonkey
linux-seamonkey
< 2.42

firefox-esr
< 38.7.0,1

libxul
thunderbird
linux-thunderbird
< 38.7.0

CVE-2016-1952
CVE-2016-1953
CVE-2016-1954
CVE-2016-1955
CVE-2016-1956
CVE-2016-1957
CVE-2016-1958
CVE-2016-1959
CVE-2016-1960
CVE-2016-1961
CVE-2016-1962
CVE-2016-1963
CVE-2016-1964
CVE-2016-1965
CVE-2016-1966
CVE-2016-1967
CVE-2016-1970
CVE-2016-1971
CVE-2016-1972
CVE-2016-1973
CVE-2016-1974
CVE-2016-1975
CVE-2016-1976
https://www.mozilla.org/security/advisories/mfsa2016-16/
https://www.mozilla.org/security/advisories/mfsa2016-17/
https://www.mozilla.org/security/advisories/mfsa2016-18/
https://www.mozilla.org/security/advisories/mfsa2016-19/
https://www.mozilla.org/security/advisories/mfsa2016-20/
https://www.mozilla.org/security/advisories/mfsa2016-21/
https://www.mozilla.org/security/advisories/mfsa2016-22/
https://www.mozilla.org/security/advisories/mfsa2016-23/
https://www.mozilla.org/security/advisories/mfsa2016-24/
https://www.mozilla.org/security/advisories/mfsa2016-25/
https://www.mozilla.org/security/advisories/mfsa2016-26/
https://www.mozilla.org/security/advisories/mfsa2016-27/
https://www.mozilla.org/security/advisories/mfsa2016-28/
https://www.mozilla.org/security/advisories/mfsa2016-29/
https://www.mozilla.org/security/advisories/mfsa2016-31/
https://www.mozilla.org/security/advisories/mfsa2016-32/
https://www.mozilla.org/security/advisories/mfsa2016-33/
https://www.mozilla.org/security/advisories/mfsa2016-34/
2c57c47e-8bb3-4694-83c8-9fc3abad3964mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -