diff options
author | flo <flo@FreeBSD.org> | 2013-06-26 19:01:34 +0800 |
---|---|---|
committer | flo <flo@FreeBSD.org> | 2013-06-26 19:01:34 +0800 |
commit | 2fde5a1d8567a987d8ea29f1ba7f64f5424a8f91 (patch) | |
tree | 95f37f9850e84f6918dba03cead478194c444dc5 /security/vuxml | |
parent | 670397c80589bb0b2ccbf7ead6a58ba10df2eab7 (diff) | |
download | freebsd-ports-gnome-2fde5a1d8567a987d8ea29f1ba7f64f5424a8f91.tar.gz freebsd-ports-gnome-2fde5a1d8567a987d8ea29f1ba7f64f5424a8f91.tar.zst freebsd-ports-gnome-2fde5a1d8567a987d8ea29f1ba7f64f5424a8f91.zip |
- update firefox to 22.0
- update firefox-esr, thunderbird and libxul to 17.0.7
- update nspr to 4.10
- OSS support was removed upstream, only ALSA and PulseAudio are supported
from now on.
Security: b3fcb387-de4b-11e2-b1c6-0025905a4771
In collaboration with: Jan Beich <jbeich@tormail.org>
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 93 |
1 files changed, 92 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b677d4e3a51d..0e5f11991f01 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,98 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b3fcb387-de4b-11e2-b1c6-0025905a4771"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><gt>18.0,1</gt><lt>22.0,1</lt></range> + <range><lt>17.0.7,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><lt>17.0.7,1</lt></range> + </package> + <package> + <name>linux-seamonkey</name> + <range><lt>2.19</lt></range> + </package> + <package> + <name>linux-thunderbird</name> + <range><lt>17.0.7</lt></range> + </package> + <package> + <name>seamonkey</name> + <range><lt>2.19</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><gt>11.0</gt><lt>17.0.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Mozilla Project reports:</p> + <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> + <p>Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)</p> + <p>Title: Memory corruption found using Address Sanitizer</p> + <p>Privileged content access and execution via XBL</p> + <p>Arbitrary code execution within Profiler</p> + <p>Execution of unmapped memory through onreadystatechange</p> + <p>Data in the body of XHR HEAD requests leads to CSRF attacks</p> + <p>SVG filters can lead to information disclosure</p> + <p>PreserveWrapper has inconsistent behavior</p> + <p>Sandbox restrictions not applied to nested frame elements</p> + <p>X-Frame-Options ignored when using server push with multi-part + responses</p> + <p>XrayWrappers can be bypassed to run user defined methods in a + privileged context</p> + <p>getUserMedia permission dialog incorrectly displays location</p> + <p>Homograph domain spoofing in .com, .net and .name</p> + <p>Inaccessible updater can lead to local privilege escalation</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-1682</cvename> + <cvename>CVE-2013-1683</cvename> + <cvename>CVE-2013-1684</cvename> + <cvename>CVE-2013-1685</cvename> + <cvename>CVE-2013-1686</cvename> + <cvename>CVE-2013-1687</cvename> + <cvename>CVE-2013-1688</cvename> + <cvename>CVE-2013-1690</cvename> + <cvename>CVE-2013-1692</cvename> + <cvename>CVE-2013-1693</cvename> + <cvename>CVE-2013-1694</cvename> + <cvename>CVE-2013-1695</cvename> + <cvename>CVE-2013-1696</cvename> + <cvename>CVE-2013-1697</cvename> + <cvename>CVE-2013-1698</cvename> + <cvename>CVE-2013-1699</cvename> + <cvename>CVE-2013-1700</cvename> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-49.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-50.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-51.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-52.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-53.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-54.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-55.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-56.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-57.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-58.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-59.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-60.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-61.html</url> + <url>http://www.mozilla.org/security/announce/2013/mfsa2013-62.html</url> + <url>http://www.mozilla.org/security/known-vulnerabilities/</url> + </references> + <dates> + <discovery>2013-06-25</discovery> + <entry>2013-06-26</entry> + </dates> + </vuln> + <vuln vid="01cf67b3-dc3b-11e2-a6cd-c48508086173"> <topic>cURL library -- heap corruption in curl_easy_unescape</topic> <affects> @@ -1477,7 +1569,6 @@ Note: Please add new entries to the beginning of this file. <p>MFSA 2013-46 Use-after-free with video and onresize event</p> <p>MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent</p> <p>MFSA 2013-48 Memory corruption found using Address Sanitizer</p> - <p> </p> </blockquote> </body> </description> |