diff options
author | miwi <miwi@FreeBSD.org> | 2009-08-05 06:57:02 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2009-08-05 06:57:02 +0800 |
commit | 8377a7681345bb57c1e6764f18319b3c2e98ac30 (patch) | |
tree | 248f05d604b827ad253cc01f7b1856094e58da25 | |
parent | e79308af1991b57c7351dee01ba14f8cef761c66 (diff) | |
download | freebsd-ports-gnome-8377a7681345bb57c1e6764f18319b3c2e98ac30.tar.gz freebsd-ports-gnome-8377a7681345bb57c1e6764f18319b3c2e98ac30.tar.zst freebsd-ports-gnome-8377a7681345bb57c1e6764f18319b3c2e98ac30.zip |
- Document mozilla -- multiple vulnerabilities
-rw-r--r-- | security/vuxml/vuln.xml | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 4fdd00d21d4e..57b30ff1ad95 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,69 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="49e8f2ee-8147-11de-a994-0030843d3802"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <name>linux-firefox-devel</name> + <range><gt>0</gt></range> + </package> + <package> + <name>firefox3</name> + <name>linux-firefox</name> + <range><lt>3.0.13</lt></range> + </package> + <package> + <name>firefox35</name> + <range><lt>3.5.2</lt></range> + </package> + <package> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <range><lt>2.0.0.23</lt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>1.1.18</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Project reports:</p> + <blockquote cite="http://www.mozilla.org/security/announce/"> + <p>MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name + longer than 15 characters</p> + <p>MFSA 2009-42: Compromise of SSL-protected communication</p> + <p>MFSA 2009-43: Heap overflow in certificate regexp parsing</p> + <p>MFSA 2009-44: Location bar and SSL indicator spoofing via window.open() + on invalid URL</p> + <p>MFSA 2009-45: Crashes with evidence of memory corruption + (rv:1.9.1.2/1.9.0.13)</p> + <p>MFSA 2009-46: Chrome privilege escalation due to incorrectly cached + wrapper</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2404</cvename> + <cvename>CVE-2009-2408</cvename> + <cvename>CVE-2009-2454</cvename> + <cvename>CVE-2009-2470</cvename> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-38.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-42.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-43.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-44.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-45.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-46.html</url> + </references> + <dates> + <discovery>2009-08-03</discovery> + <entry>2009-08-04</entry> + </dates> + </vuln> + <vuln vid="4e306850-811f-11de-8a67-000c29a67389"> <topic>silc-client -- Format string vulnerability</topic> <affects> |