aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormiwi <miwi@FreeBSD.org>2009-08-05 06:57:02 +0800
committermiwi <miwi@FreeBSD.org>2009-08-05 06:57:02 +0800
commit8377a7681345bb57c1e6764f18319b3c2e98ac30 (patch)
tree248f05d604b827ad253cc01f7b1856094e58da25
parente79308af1991b57c7351dee01ba14f8cef761c66 (diff)
downloadfreebsd-ports-gnome-8377a7681345bb57c1e6764f18319b3c2e98ac30.tar.gz
freebsd-ports-gnome-8377a7681345bb57c1e6764f18319b3c2e98ac30.tar.zst
freebsd-ports-gnome-8377a7681345bb57c1e6764f18319b3c2e98ac30.zip
- Document mozilla -- multiple vulnerabilities
-rw-r--r--security/vuxml/vuln.xml63
1 files changed, 63 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 4fdd00d21d4e..57b30ff1ad95 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,69 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="49e8f2ee-8147-11de-a994-0030843d3802">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <name>linux-firefox-devel</name>
+ <range><gt>0</gt></range>
+ </package>
+ <package>
+ <name>firefox3</name>
+ <name>linux-firefox</name>
+ <range><lt>3.0.13</lt></range>
+ </package>
+ <package>
+ <name>firefox35</name>
+ <range><lt>3.5.2</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>2.0.0.23</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>1.1.18</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Project reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/announce/">
+ <p>MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name
+ longer than 15 characters</p>
+ <p>MFSA 2009-42: Compromise of SSL-protected communication</p>
+ <p>MFSA 2009-43: Heap overflow in certificate regexp parsing</p>
+ <p>MFSA 2009-44: Location bar and SSL indicator spoofing via window.open()
+ on invalid URL</p>
+ <p>MFSA 2009-45: Crashes with evidence of memory corruption
+ (rv:1.9.1.2/1.9.0.13)</p>
+ <p>MFSA 2009-46: Chrome privilege escalation due to incorrectly cached
+ wrapper</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2404</cvename>
+ <cvename>CVE-2009-2408</cvename>
+ <cvename>CVE-2009-2454</cvename>
+ <cvename>CVE-2009-2470</cvename>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-38.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-42.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-43.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-44.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-45.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-46.html</url>
+ </references>
+ <dates>
+ <discovery>2009-08-03</discovery>
+ <entry>2009-08-04</entry>
+ </dates>
+ </vuln>
+
<vuln vid="4e306850-811f-11de-8a67-000c29a67389">
<topic>silc-client -- Format string vulnerability</topic>
<affects>