FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d1853110-07f4-4645-895b-6fd462ad0589mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2016-11-15
Entry 2016-11-16
firefox
< 50.0_1,1

seamonkey
linux-seamonkey
< 2.47

firefox-esr
< 45.5.0,1

linux-firefox
< 45.5.0,2

libxul
thunderbird
linux-thunderbird
< 45.5.0

CVE-2016-5289
CVE-2016-5290
CVE-2016-5291
CVE-2016-5292
CVE-2016-5293
CVE-2016-5294
CVE-2016-5295
CVE-2016-5296
CVE-2016-5297
CVE-2016-5298
CVE-2016-5299
CVE-2016-9061
CVE-2016-9062
CVE-2016-9063
CVE-2016-9064
CVE-2016-9065
CVE-2016-9066
CVE-2016-9067
CVE-2016-9068
CVE-2016-9070
CVE-2016-9071
CVE-2016-9072
CVE-2016-9073
CVE-2016-9074
CVE-2016-9075
CVE-2016-9076
CVE-2016-9077
https://www.mozilla.org/security/advisories/mfsa2016-89/
https://www.mozilla.org/security/advisories/mfsa2016-90/
7ae61870-9dd2-4884-a2f2-f19bb5784d09mozilla -- multiple vulnerabilities

The Mozilla Project reports:

ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data

MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory

MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer

MFSA-2014-88 Buffer overflow while parsing media content

MFSA-2014-87 Use-after-free during HTML5 parsing

MFSA-2014-86 CSP leaks redirect data via violation reports

MFSA-2014-85 XMLHttpRequest crashes with some input streams

MFSA-2014-84 XBL bindings accessible via improper CSS declarations

MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)


Discovery 2014-12-01
Entry 2014-12-02
firefox
< 34.0,1

firefox-esr
< 31.3.0,1

linux-firefox
< 34.0,1

linux-seamonkey
< 2.31

linux-thunderbird
< 31.3.0

seamonkey
< 2.31

thunderbird
< 31.3.0

libxul
< 31.3.0

nss
< 3.17.3

CVE-2014-1587
CVE-2014-1588
CVE-2014-1589
CVE-2014-1590
CVE-2014-1591
CVE-2014-1592
CVE-2014-1593
CVE-2014-1594
CVE-2014-1595
CVE-2014-1569
https://www.mozilla.org/security/advisories/mfsa2014-83
https://www.mozilla.org/security/advisories/mfsa2014-84
https://www.mozilla.org/security/advisories/mfsa2014-85
https://www.mozilla.org/security/advisories/mfsa2014-86
https://www.mozilla.org/security/advisories/mfsa2014-87
https://www.mozilla.org/security/advisories/mfsa2014-88
https://www.mozilla.org/security/advisories/mfsa2014-89
https://www.mozilla.org/security/advisories/mfsa2014-90
https://www.mozilla.org/security/advisories/
a891c5b4-3d7a-4de9-9c71-eef3fd698c77mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-5091: Use-after-free with DTMF timers

CVE-2018-5092: Use-after-free in Web Workers

CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing

CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory

CVE-2018-5095: Integer overflow in Skia library during edge builder allocation

CVE-2018-5097: Use-after-free when source document is manipulated during XSLT

CVE-2018-5098: Use-after-free while manipulating form input elements

CVE-2018-5099: Use-after-free with widget listener

CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory

CVE-2018-5101: Use-after-free with floating first-letter style elements

CVE-2018-5102: Use-after-free in HTML media elements

CVE-2018-5103: Use-after-free during mouse event handling

CVE-2018-5104: Use-after-free during font face manipulation

CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts

CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker

CVE-2018-5107: Printing process will follow symlinks for local file access

CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs

CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution

CVE-2018-5110: Cursor can be made invisible on OS X

CVE-2018-5111: URL spoofing in addressbar through drag and drop

CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel

CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow

CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts

CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs

CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access

CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right

CVE-2018-5118: Activity Stream images can attempt to load local content through file:

CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers

CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar

CVE-2018-5122: Potential integer overflow in DoCrypt

CVE-2018-5090: Memory safety bugs fixed in Firefox 58

CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6


Discovery 2018-01-23
Entry 2018-01-23
Modified 2018-01-29
firefox
< 58.0_1,1

waterfox
< 56.0.3.63

seamonkey
linux-seamonkey
< 2.49.2

firefox-esr
< 52.6.0_1,1

linux-firefox
< 52.6.0,2

libxul
thunderbird
linux-thunderbird
< 52.6.0

CVE-2018-5089
CVE-2018-5090
CVE-2018-5091
CVE-2018-5092
CVE-2018-5093
CVE-2018-5094
CVE-2018-5095
CVE-2018-5097
CVE-2018-5098
CVE-2018-5099
CVE-2018-5100
CVE-2018-5101
CVE-2018-5102
CVE-2018-5103
CVE-2018-5104
CVE-2018-5105
CVE-2018-5106
CVE-2018-5107
CVE-2018-5108
CVE-2018-5109
CVE-2018-5110
CVE-2018-5111
CVE-2018-5112
CVE-2018-5113
CVE-2018-5114
CVE-2018-5115
CVE-2018-5116
CVE-2018-5117
CVE-2018-5118
CVE-2018-5119
CVE-2018-5121
CVE-2018-5122
https://www.mozilla.org/security/advisories/mfsa2018-02/
https://www.mozilla.org/security/advisories/mfsa2018-03/
c66a5632-708a-4727-8236-d65b2d5b2739mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)

MFSA 2015-80 Out-of-bounds read with malformed MP3 file

MFSA 2015-81 Use-after-free in MediaStream playback

MFSA 2015-82 Redefinition of non-configurable JavaScript object properties

MFSA 2015-83 Overflow issues in libstagefright

MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links

MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file

MFSA 2015-86 Feed protocol with POST bypasses mixed content protections

MFSA 2015-87 Crash when using shared memory in JavaScript

MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images

MFSA 2015-90 Vulnerabilities found through code inspection

MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification

MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers


Discovery 2015-08-11
Entry 2015-08-11
Modified 2015-08-22
firefox
< 40.0,1

linux-firefox
< 40.0,1

seamonkey
ge 2.36 lt 2.37

< 2.35

linux-seamonkey
ge 2.36 lt 2.37

< 2.35

firefox-esr
< 38.2.0,1

libxul
< 38.2.0

thunderbird
< 38.2.0

linux-thunderbird
< 38.2.0

CVE-2015-4473
CVE-2015-4474
CVE-2015-4475
CVE-2015-4477
CVE-2015-4478
CVE-2015-4479
CVE-2015-4480
CVE-2015-4481
CVE-2015-4482
CVE-2015-4483
CVE-2015-4484
CVE-2015-4487
CVE-2015-4488
CVE-2015-4489
CVE-2015-4490
CVE-2015-4491
CVE-2015-4492
CVE-2015-4493
https://www.mozilla.org/security/advisories/mfsa2015-79/
https://www.mozilla.org/security/advisories/mfsa2015-80/
https://www.mozilla.org/security/advisories/mfsa2015-81/
https://www.mozilla.org/security/advisories/mfsa2015-82/
https://www.mozilla.org/security/advisories/mfsa2015-83/
https://www.mozilla.org/security/advisories/mfsa2015-84/
https://www.mozilla.org/security/advisories/mfsa2015-85/
https://www.mozilla.org/security/advisories/mfsa2015-86/
https://www.mozilla.org/security/advisories/mfsa2015-87/
https://www.mozilla.org/security/advisories/mfsa2015-88/
https://www.mozilla.org/security/advisories/mfsa2015-90/
https://www.mozilla.org/security/advisories/mfsa2015-91/
https://www.mozilla.org/security/advisories/mfsa2015-92/
44d9daee-940c-4179-86bb-6e3ffd617869mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)

MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs

MFSA 2015-61 Type confusion in Indexed Database Manager

MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio

MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error

MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly

MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest

MFSA 2015-66 Vulnerabilities found through code inspection

MFSA 2015-67 Key pinning is ignored when overridable errors are encountered

MFSA 2015-68 OS X crash reports may contain entered key press information

MFSA 2015-69 Privilege escalation through internal workers

MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites

MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange


Discovery 2015-07-02
Entry 2015-07-16
Modified 2015-09-22
firefox
< 39.0,1

linux-firefox
< 39.0,1

seamonkey
< 2.35

linux-seamonkey
< 2.35

firefox-esr
< 31.8.0,1

ge 38.0,1 lt 38.1.0,1

libxul
< 31.8.0

ge 38.0 lt 38.1.0

thunderbird
< 31.8.0

ge 38.0 lt 38.1.0

linux-thunderbird
< 31.8.0

ge 38.0 lt 38.1.0

CVE-2015-2721
CVE-2015-2722
CVE-2015-2724
CVE-2015-2725
CVE-2015-2726
CVE-2015-2727
CVE-2015-2728
CVE-2015-2729
CVE-2015-2730
CVE-2015-2731
CVE-2015-2733
CVE-2015-2734
CVE-2015-2735
CVE-2015-2736
CVE-2015-2737
CVE-2015-2738
CVE-2015-2739
CVE-2015-2740
CVE-2015-2741
CVE-2015-2742
CVE-2015-2743
CVE-2015-4000
https://www.mozilla.org/security/advisories/mfsa2015-59/
https://www.mozilla.org/security/advisories/mfsa2015-60/
https://www.mozilla.org/security/advisories/mfsa2015-61/
https://www.mozilla.org/security/advisories/mfsa2015-62/
https://www.mozilla.org/security/advisories/mfsa2015-63/
https://www.mozilla.org/security/advisories/mfsa2015-64/
https://www.mozilla.org/security/advisories/mfsa2015-65/
https://www.mozilla.org/security/advisories/mfsa2015-66/
https://www.mozilla.org/security/advisories/mfsa2015-67/
https://www.mozilla.org/security/advisories/mfsa2015-68/
https://www.mozilla.org/security/advisories/mfsa2015-69/
https://www.mozilla.org/security/advisories/mfsa2015-70/
https://www.mozilla.org/security/advisories/mfsa2015-71/
d23119df-335d-11e2-b64c-c8600054b392mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

MFSA 2012-92 Buffer overflow while rendering GIF images

MFSA 2012-93 evalInSanbox location context incorrectly applied

MFSA 2012-94 Crash when combining SVG text on path with CSS

MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page

MFSA 2012-96 Memory corruption in str_unescape

MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox

MFSA 2012-98 Firefox installer DLL hijacking

MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment

MFSA 2012-100 Improper security filtering for cross-origin wrappers

MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset

MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges

MFSA 2012-103 Frames can shadow top.location

MFSA 2012-104 CSS and HTML injection through Style Inspector

MFSA 2012-105 Use-after-free and buffer overflow issues found

MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer


Discovery 2012-11-20
Entry 2012-11-20
firefox
gt 11.0,1 lt 17.0,1

< 10.0.11,1

linux-firefox
< 10.0.11,1

linux-seamonkey
< 2.14

linux-thunderbird
< 10.0.11

seamonkey
< 2.14

thunderbird
gt 11.0 lt 17.0

< 10.0.11

libxul
gt 1.9.2.* lt 10.0.11

CVE-2012-4201
CVE-2012-4202
CVE-2012-4203
CVE-2012-4204
CVE-2012-4205
CVE-2012-4206
CVE-2012-4207
CVE-2012-4208
CVE-2012-4209
CVE-2012-4210
CVE-2012-4212
CVE-2012-4213
CVE-2012-4214
CVE-2012-4215
CVE-2012-4216
CVE-2012-4217
CVE-2012-4218
CVE-2012-5829
CVE-2012-5830
CVE-2012-5833
CVE-2012-5835
CVE-2012-5836
CVE-2012-5837
CVE-2012-5838
CVE-2012-5839
CVE-2012-5840
CVE-2012-5841
CVE-2012-5842
CVE-2012-5843
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
http://www.mozilla.org/security/announce/2012/mfsa2012-94.html
http://www.mozilla.org/security/announce/2012/mfsa2012-95.html
http://www.mozilla.org/security/announce/2012/mfsa2012-96.html
http://www.mozilla.org/security/announce/2012/mfsa2012-97.html
http://www.mozilla.org/security/announce/2012/mfsa2012-98.html
http://www.mozilla.org/security/announce/2012/mfsa2012-99.html
http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
http://www.mozilla.org/security/announce/2012/mfsa2012-102.html
http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
http://www.mozilla.org/security/known-vulnerabilities/
aa1aefe3-6e37-47db-bfda-343ef4acb1b5Mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2016-08-02
Entry 2016-09-07
Modified 2016-09-20
firefox
< 48.0,1

seamonkey
linux-seamonkey
< 2.45

firefox-esr
< 45.3.0,1

linux-firefox
< 45.3.0,2

libxul
thunderbird
linux-thunderbird
< 45.3.0

CVE-2016-0718
CVE-2016-2830
CVE-2016-2835
CVE-2016-2836
CVE-2016-2837
CVE-2016-2838
CVE-2016-2839
CVE-2016-5250
CVE-2016-5251
CVE-2016-5252
CVE-2016-5253
CVE-2016-5254
CVE-2016-5255
CVE-2016-5258
CVE-2016-5259
CVE-2016-5260
CVE-2016-5261
CVE-2016-5262
CVE-2016-5263
CVE-2016-5264
CVE-2016-5265
CVE-2016-5266
CVE-2016-5267
CVE-2016-5268
https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
92d44f83-a7bf-41cf-91ee-3d1b8ecf579fmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

MFSA 2016-42 Use-after-free and buffer overflow in Service Workers

MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets

MFSA 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace

MFSA 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions

MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch()

MFSA 2016-48 Firefox Health Reports could accept events from untrusted domains


Discovery 2016-04-26
Entry 2016-04-26
firefox
linux-firefox
< 46.0,1

seamonkey
linux-seamonkey
< 2.43

firefox-esr
ge 39.0,1 lt 45.1.0,1

< 38.8.0,1

libxul
thunderbird
linux-thunderbird
ge 39.0 lt 45.1.0

< 38.8.0

CVE-2016-2804
CVE-2016-2805
CVE-2016-2806
CVE-2016-2807
CVE-2016-2808
CVE-2016-2811
CVE-2016-2812
CVE-2016-2814
CVE-2016-2816
CVE-2016-2817
CVE-2016-2820
https://www.mozilla.org/security/advisories/mfsa2016-39/
https://www.mozilla.org/security/advisories/mfsa2016-42/
https://www.mozilla.org/security/advisories/mfsa2016-44/
https://www.mozilla.org/security/advisories/mfsa2016-45/
https://www.mozilla.org/security/advisories/mfsa2016-46/
https://www.mozilla.org/security/advisories/mfsa2016-47/
https://www.mozilla.org/security/advisories/mfsa2016-48/
b1f7d52f-fc42-48e8-8403-87d4c9d26229mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-18500: Use-after-free parsing HTML5 stream

CVE-2018-18503: Memory corruption with Audio Buffer

CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer

CVE-2018-18505: Privilege escalation through IPC channel messages

CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied

CVE-2018-18502: Memory safety bugs fixed in Firefox 65

CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5


Discovery 2019-01-29
Entry 2019-01-29
Modified 2019-07-23
firefox
< 65.0_1,1

waterfox
< 56.2.7

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.5.0_1,1

linux-firefox
< 60.5.0,2

libxul
thunderbird
linux-thunderbird
< 60.5.0

CVE-2018-18500
CVE-2018-18501
CVE-2018-18502
CVE-2018-18503
CVE-2018-18504
CVE-2018-18505
CVE-2018-18506
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/
e60169c4-aa86-46b0-8ae2-0d81f683df09mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2017-01-24
Entry 2017-01-24
firefox
< 51.0_1,1

seamonkey
linux-seamonkey
< 2.48

firefox-esr
< 45.7.0,1

linux-firefox
< 45.7.0,2

libxul
thunderbird
linux-thunderbird
< 45.7.0

CVE-2017-5373
CVE-2017-5374
CVE-2017-5375
CVE-2017-5376
CVE-2017-5377
CVE-2017-5378
CVE-2017-5379
CVE-2017-5380
CVE-2017-5381
CVE-2017-5382
CVE-2017-5383
CVE-2017-5384
CVE-2017-5385
CVE-2017-5386
CVE-2017-5387
CVE-2017-5388
CVE-2017-5389
CVE-2017-5390
CVE-2017-5391
CVE-2017-5392
CVE-2017-5393
CVE-2017-5394
CVE-2017-5395
CVE-2017-5396
https://www.mozilla.org/security/advisories/mfsa2017-01/
https://www.mozilla.org/security/advisories/mfsa2017-02/
e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)

MFSA 2013-22 Out-of-bounds read in image rendering

MFSA 2013-23 Wrapped WebIDL objects can be wrapped again

MFSA 2013-24 Web content bypass of COW and SOW security wrappers

MFSA 2013-25 Privacy leak in JavaScript Workers

MFSA 2013-26 Use-after-free in nsImageLoadingContent

MFSA 2013-27 Phishing on HTTPS connection through malicious proxy

MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer


Discovery 2013-02-19
Entry 2013-02-19
Modified 2013-02-20
firefox
gt 18.0,1 lt 19.0,1

< 17.0.3,1

linux-firefox
< 17.0.3,1

linux-seamonkey
< 2.16

linux-thunderbird
< 17.0.3

seamonkey
< 2.16

thunderbird
gt 11.0 lt 17.0.3

< 10.0.12

libxul
gt 1.9.2.* lt 10.0.12

CVE-2013-0765
CVE-2013-0772
CVE-2013-0773
CVE-2013-0774
CVE-2013-0775
CVE-2013-0776
CVE-2013-0783
CVE-2013-0784
http://www.mozilla.org/security/announce/2013/mfsa2013-20.html
http://www.mozilla.org/security/announce/2013/mfsa2013-21.html
http://www.mozilla.org/security/announce/2013/mfsa2013-22.html
http://www.mozilla.org/security/announce/2013/mfsa2013-23.html
http://www.mozilla.org/security/announce/2013/mfsa2013-24.html
http://www.mozilla.org/security/announce/2013/mfsa2013-25.html
http://www.mozilla.org/security/announce/2013/mfsa2013-26.html
http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
http://www.mozilla.org/security/known-vulnerabilities/
5e0a038a-ca30-416d-a2f5-38cbf5e7df33mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2017-04-19
Entry 2017-04-19
Modified 2017-09-19
firefox
< 53.0_2,1

seamonkey
linux-seamonkey
< 2.49.1

firefox-esr
ge 46.0,1 lt 52.1.0_2,1

< 45.9.0,1

linux-firefox
ge 46.0,2 lt 52.1.0,2

< 45.9.0,2

libxul
ge 46.0 lt 52.1.0

< 45.9.0

thunderbird
linux-thunderbird
ge 46.0 lt 52.1.0

< 45.9.0

CVE-2017-5433
CVE-2017-5435
CVE-2017-5436
CVE-2017-5461
CVE-2017-5459
CVE-2017-5466
CVE-2017-5434
CVE-2017-5432
CVE-2017-5460
CVE-2017-5438
CVE-2017-5439
CVE-2017-5440
CVE-2017-5441
CVE-2017-5442
CVE-2017-5464
CVE-2017-5443
CVE-2017-5444
CVE-2017-5446
CVE-2017-5447
CVE-2017-5465
CVE-2017-5448
CVE-2017-5437
CVE-2017-5454
CVE-2017-5455
CVE-2017-5456
CVE-2017-5469
CVE-2017-5445
CVE-2017-5449
CVE-2017-5450
CVE-2017-5451
CVE-2017-5462
CVE-2017-5463
CVE-2017-5467
CVE-2017-5452
CVE-2017-5453
CVE-2017-5458
CVE-2017-5468
CVE-2017-5430
CVE-2017-5429
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/
8065d37b-8e7c-4707-a608-1b0a2b8509c3mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)

MFSA 2016-50 Buffer overflow parsing HTML5 fragments

MFSA 2016-51 Use-after-free deleting tables from a contenteditable document

MFSA 2016-52 Addressbar spoofing though the SELECT element

MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI

MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction

MFSA 2016-57 Incorrect icon displayed on permissions notifications

MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission

MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes

MFSA 2016-60 Java applets bypass CSP protections


Discovery 2016-06-07
Entry 2016-06-07
firefox
< 47.0,1

seamonkey
linux-seamonkey
< 2.44

firefox-esr
< 45.2.0,1

linux-firefox
< 45.2.0,2

libxul
thunderbird
linux-thunderbird
< 45.2.0

CVE-2016-2815
CVE-2016-2818
CVE-2016-2819
CVE-2016-2821
CVE-2016-2822
CVE-2016-2825
CVE-2016-2828
CVE-2016-2829
CVE-2016-2831
CVE-2016-2832
CVE-2016-2833
https://www.mozilla.org/security/advisories/mfsa2016-49/
https://www.mozilla.org/security/advisories/mfsa2016-50/
https://www.mozilla.org/security/advisories/mfsa2016-51/
https://www.mozilla.org/security/advisories/mfsa2016-52/
https://www.mozilla.org/security/advisories/mfsa2016-54/
https://www.mozilla.org/security/advisories/mfsa2016-56/
https://www.mozilla.org/security/advisories/mfsa2016-57/
https://www.mozilla.org/security/advisories/mfsa2016-58/
https://www.mozilla.org/security/advisories/mfsa2016-59/
https://www.mozilla.org/security/advisories/mfsa2016-60/
cd81806c-26e7-4d4a-8425-02724a2f48afmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12359: Buffer overflow using computed size of canvas element

CVE-2018-12360: Use-after-free when using focus()

CVE-2018-12361: Integer overflow in SwizzleData

CVE-2018-12358: Same-origin bypass using service worker and redirection

CVE-2018-12362: Integer overflow in SSSE3 scaler

CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture

CVE-2018-12363: Use-after-free when appending DOM nodes

CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins

CVE-2018-12365: Compromised IPC child process can list local filenames

CVE-2018-12371: Integer overflow in Skia library during edge builder allocation

CVE-2018-12366: Invalid data handling during QCMS transformations

CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming

CVE-2018-12368: No warning when opening executable SettingContent-ms files

CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments

CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View

CVE-2018-5186: Memory safety bugs fixed in Firefox 61

CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1

CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9


Discovery 2018-06-26
Entry 2018-06-26
Modified 2018-07-07
firefox
< 61.0_1,1

waterfox
< 56.2.1.19_2

seamonkey
linux-seamonkey
< 2.49.4

firefox-esr
ge 60.0,1 lt 60.1.0_1,1

< 52.9.0_1,1

linux-firefox
< 52.9.0,2

libxul
thunderbird
linux-thunderbird
< 52.9.0

CVE-2018-12362
CVE-2018-5156
CVE-2018-5186
CVE-2018-5187
CVE-2018-5188
CVE-2018-12358
CVE-2018-12359
CVE-2018-12360
CVE-2018-12361
CVE-2018-12363
CVE-2018-12364
CVE-2018-12365
CVE-2018-12366
CVE-2018-12367
CVE-2018-12368
CVE-2018-12369
CVE-2018-12370
CVE-2018-12371
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
d9b43004-f5fd-4807-b1d7-dbf66455b244mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA-2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer

MFSA-2015-48 Buffer overflow with SVG content and CSS

MFSA-2015-49 Referrer policy ignored when links opened by middle-click and context menu

MFSA-2015-50 Out-of-bounds read and write in asm.js validation

MFSA-2015-51 Use-after-free during text processing with vertical text enabled

MFSA-2015-52 Sensitive URL encoded information written to Android logcat

MFSA-2015-53 Use-after-free due to Media Decoder Thread creation during shutdown

MFSA-2015-54 Buffer overflow when parsing compressed XML

MFSA-2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata

MFSA-2015-56 Untrusted site hosting trusted page can intercept webchannel responses

MFSA-2015-57 Privilege escalation through IPC channel messages

MFSA-2015-58 Mozilla Windows updater can be run outside of application directory

MFSA 2015-93 Integer overflows in libstagefright while processing MP4 video metadata


Discovery 2015-05-12
Entry 2015-05-12
Modified 2015-08-28
firefox
< 38.0,1

linux-firefox
< 38.0,1

seamonkey
< 2.35

linux-seamonkey
< 2.35

firefox-esr
< 31.7.0,1

libxul
< 31.7.0

ge 32.0 lt 38.0

thunderbird
< 31.7.0

ge 32.0 lt 38.0

linux-thunderbird
< 31.7.0

ge 32.0 lt 38.0

CVE-2011-3079
CVE-2015-0797
CVE-2015-0833
CVE-2015-2708
CVE-2015-2709
CVE-2015-2710
CVE-2015-2711
CVE-2015-2712
CVE-2015-2713
CVE-2015-2714
CVE-2015-2715
CVE-2015-2716
CVE-2015-2717
CVE-2015-2718
CVE-2015-2720
CVE-2015-4496
https://www.mozilla.org/security/advisories/mfsa2015-46/
https://www.mozilla.org/security/advisories/mfsa2015-47/
https://www.mozilla.org/security/advisories/mfsa2015-48/
https://www.mozilla.org/security/advisories/mfsa2015-49/
https://www.mozilla.org/security/advisories/mfsa2015-50/
https://www.mozilla.org/security/advisories/mfsa2015-51/
https://www.mozilla.org/security/advisories/mfsa2015-52/
https://www.mozilla.org/security/advisories/mfsa2015-53/
https://www.mozilla.org/security/advisories/mfsa2015-54/
https://www.mozilla.org/security/advisories/mfsa2015-55/
https://www.mozilla.org/security/advisories/mfsa2015-56/
https://www.mozilla.org/security/advisories/mfsa2015-57/
https://www.mozilla.org/security/advisories/mfsa2015-58/
https://www.mozilla.org/security/advisories/mfsa2015-93/
6cec1b0a-da15-467d-8691-1dea392d4c8dmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2017-06-13
Entry 2017-06-13
Modified 2017-09-19
firefox
< 54.0,1

seamonkey
linux-seamonkey
< 2.49.1

firefox-esr
< 52.2.0,1

linux-firefox
< 52.2.0,2

libxul
thunderbird
linux-thunderbird
< 52.2.0

CVE-2017-5470
CVE-2017-5471
CVE-2017-5472
CVE-2017-7749
CVE-2017-7750
CVE-2017-7751
CVE-2017-7752
CVE-2017-7754
CVE-2017-7755
CVE-2017-7756
CVE-2017-7757
CVE-2017-7758
CVE-2017-7759
CVE-2017-7760
CVE-2017-7761
CVE-2017-7762
CVE-2017-7763
CVE-2017-7764
CVE-2017-7765
CVE-2017-7766
CVE-2017-7767
CVE-2017-7768
CVE-2017-7778
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
05da6b56-3e66-4306-9ea3-89fafe939726mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2019-9790: Use-after-free when removing in-use DOM elements

CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey

CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script

CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled

CVE-2019-9794: Command line arguments not discarded during execution

CVE-2019-9795: Type-confusion in IonMonkey JIT compiler

CVE-2019-9796: Use-after-free with SMIL animation controller

CVE-2019-9797: Cross-origin theft of images with createImageBitmap

CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location

CVE-2019-9799: Information disclosure via IPC channel messages

CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content

CVE-2019-9802: Chrome process information leak

CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation

CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS

CVE-2019-9805: Potential use of uninitialized memory in Prio

CVE-2019-9806: Denial of service through successive FTP authorization prompts

CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages

CVE-2019-9809: Denial of service through FTP modal alert error messages

CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs

CVE-2019-9789: Memory safety bugs fixed in Firefox 66

CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6


Discovery 2019-03-19
Entry 2019-03-19
Modified 2019-07-23
firefox
< 66.0_3,1

waterfox
< 56.2.9

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.6.0,1

linux-firefox
< 60.6.0,2

libxul
thunderbird
linux-thunderbird
< 60.6.0

CVE-2019-9788
CVE-2019-9789
CVE-2019-9790
CVE-2019-9791
CVE-2019-9792
CVE-2019-9793
CVE-2019-9794
CVE-2019-9795
CVE-2019-9796
CVE-2019-9797
CVE-2019-9798
CVE-2019-9799
CVE-2019-9801
CVE-2019-9802
CVE-2019-9803
CVE-2019-9804
CVE-2019-9805
CVE-2019-9806
CVE-2019-9807
CVE-2019-9808
CVE-2019-9809
https://www.mozilla.org/security/advisories/mfsa2019-07/
https://www.mozilla.org/security/advisories/mfsa2019-08/
512c0ffd-cd39-4da4-b2dc-81ff4ba8e238mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-9894: Buffer overflow in SkiaGL

CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements

CVE-2016-9895: CSP bypass using marquee tag

CVE-2016-9896: Use-after-free with WebVR

CVE-2016-9897: Memory corruption in libGLES

CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees

CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs

CVE-2016-9904: Cross-origin information leak in shared atoms

CVE-2016-9901: Data from Pocket server improperly sanitized before execution

CVE-2016-9902: Pocket extension does not validate the origin of events

CVE-2016-9903: XSS injection vulnerability in add-ons SDK

CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1

CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6


Discovery 2016-12-13
Entry 2016-12-14
firefox
< 50.1.0_1,1

seamonkey
linux-seamonkey
< 2.47

firefox-esr
< 45.6.0,1

linux-firefox
< 45.6.0,2

libxul
thunderbird
linux-thunderbird
< 45.6.0

CVE-2016-9894
CVE-2016-9899
CVE-2016-9895
CVE-2016-9896
CVE-2016-9897
CVE-2016-9898
CVE-2016-9900
CVE-2016-9904
CVE-2016-9901
CVE-2016-9902
CVE-2016-9903
CVE-2016-9080
CVE-2016-9893
https://www.mozilla.org/security/advisories/mfsa2016-94/
https://www.mozilla.org/security/advisories/mfsa2016-95/
d0c97697-df2c-4b8b-bff2-cec24dc35af8mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA-2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)

MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin

MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack

MFSA-2015-33 resource:// documents can load privileged pages

MFSA-2015-34 Out of bounds read in QCMS library

MFSA-2015-35 Cursor clickjacking with flash and images

MFSA-2015-36 Incorrect memory management for simple-type arrays in WebRTC

MFSA-2015-37 CORS requests should not follow 30x redirections after preflight

MFSA-2015-38 Memory corruption crashes in Off Main Thread Compositing

MFSA-2015-39 Use-after-free due to type confusion flaws

MFSA-2015-40 Same-origin bypass through anchor navigation

MFSA-2015-41 PRNG weakness allows for DNS poisoning on Android

MFSA-2015-42 Windows can retain access to privileged content on navigation to unprivileged pages


Discovery 2015-03-31
Entry 2015-03-31
firefox
< 37.0,1

firefox-esr
< 31.6.0,1

linux-firefox
< 37.0,1

linux-seamonkey
< 2.34

linux-thunderbird
< 31.6.0

seamonkey
< 2.34

thunderbird
< 31.6.0

libxul
< 31.6.0

CVE-2012-2808
CVE-2015-0800
CVE-2015-0801
CVE-2015-0802
CVE-2015-0803
CVE-2015-0804
CVE-2015-0805
CVE-2015-0806
CVE-2015-0807
CVE-2015-0808
CVE-2015-0810
CVE-2015-0811
CVE-2015-0812
CVE-2015-0813
CVE-2015-0814
CVE-2015-0815
CVE-2015-0816
https://www.mozilla.org/security/advisories/mfsa2015-30/
https://www.mozilla.org/security/advisories/mfsa2015-31/
https://www.mozilla.org/security/advisories/mfsa2015-32/
https://www.mozilla.org/security/advisories/mfsa2015-33/
https://www.mozilla.org/security/advisories/mfsa2015-34/
https://www.mozilla.org/security/advisories/mfsa2015-35/
https://www.mozilla.org/security/advisories/mfsa2015-36/
https://www.mozilla.org/security/advisories/mfsa2015-37/
https://www.mozilla.org/security/advisories/mfsa2015-38/
https://www.mozilla.org/security/advisories/mfsa2015-39/
https://www.mozilla.org/security/advisories/mfsa2015-40/
https://www.mozilla.org/security/advisories/mfsa2015-41/
https://www.mozilla.org/security/advisories/mfsa2015-42/
https://www.mozilla.org/security/advisories/
2c57c47e-8bb3-4694-83c8-9fc3abad3964mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -