aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authorflo <flo@FreeBSD.org>2013-06-26 19:01:34 +0800
committerflo <flo@FreeBSD.org>2013-06-26 19:01:34 +0800
commit2fde5a1d8567a987d8ea29f1ba7f64f5424a8f91 (patch)
tree95f37f9850e84f6918dba03cead478194c444dc5 /security/vuxml
parent670397c80589bb0b2ccbf7ead6a58ba10df2eab7 (diff)
downloadfreebsd-ports-gnome-2fde5a1d8567a987d8ea29f1ba7f64f5424a8f91.tar.gz
freebsd-ports-gnome-2fde5a1d8567a987d8ea29f1ba7f64f5424a8f91.tar.zst
freebsd-ports-gnome-2fde5a1d8567a987d8ea29f1ba7f64f5424a8f91.zip
- update firefox to 22.0
- update firefox-esr, thunderbird and libxul to 17.0.7 - update nspr to 4.10 - OSS support was removed upstream, only ALSA and PulseAudio are supported from now on. Security: b3fcb387-de4b-11e2-b1c6-0025905a4771 In collaboration with: Jan Beich <jbeich@tormail.org>
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml93
1 files changed, 92 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index b677d4e3a51d..0e5f11991f01 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,98 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="b3fcb387-de4b-11e2-b1c6-0025905a4771">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><gt>18.0,1</gt><lt>22.0,1</lt></range>
+ <range><lt>17.0.7,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>17.0.7,1</lt></range>
+ </package>
+ <package>
+ <name>linux-seamonkey</name>
+ <range><lt>2.19</lt></range>
+ </package>
+ <package>
+ <name>linux-thunderbird</name>
+ <range><lt>17.0.7</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <range><lt>2.19</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><gt>11.0</gt><lt>17.0.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Project reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
+ <p>Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)</p>
+ <p>Title: Memory corruption found using Address Sanitizer</p>
+ <p>Privileged content access and execution via XBL</p>
+ <p>Arbitrary code execution within Profiler</p>
+ <p>Execution of unmapped memory through onreadystatechange</p>
+ <p>Data in the body of XHR HEAD requests leads to CSRF attacks</p>
+ <p>SVG filters can lead to information disclosure</p>
+ <p>PreserveWrapper has inconsistent behavior</p>
+ <p>Sandbox restrictions not applied to nested frame elements</p>
+ <p>X-Frame-Options ignored when using server push with multi-part
+ responses</p>
+ <p>XrayWrappers can be bypassed to run user defined methods in a
+ privileged context</p>
+ <p>getUserMedia permission dialog incorrectly displays location</p>
+ <p>Homograph domain spoofing in .com, .net and .name</p>
+ <p>Inaccessible updater can lead to local privilege escalation</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-1682</cvename>
+ <cvename>CVE-2013-1683</cvename>
+ <cvename>CVE-2013-1684</cvename>
+ <cvename>CVE-2013-1685</cvename>
+ <cvename>CVE-2013-1686</cvename>
+ <cvename>CVE-2013-1687</cvename>
+ <cvename>CVE-2013-1688</cvename>
+ <cvename>CVE-2013-1690</cvename>
+ <cvename>CVE-2013-1692</cvename>
+ <cvename>CVE-2013-1693</cvename>
+ <cvename>CVE-2013-1694</cvename>
+ <cvename>CVE-2013-1695</cvename>
+ <cvename>CVE-2013-1696</cvename>
+ <cvename>CVE-2013-1697</cvename>
+ <cvename>CVE-2013-1698</cvename>
+ <cvename>CVE-2013-1699</cvename>
+ <cvename>CVE-2013-1700</cvename>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-49.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-50.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-51.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-52.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-53.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-54.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-55.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-56.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-57.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-58.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-59.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-60.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-61.html</url>
+ <url>http://www.mozilla.org/security/announce/2013/mfsa2013-62.html</url>
+ <url>http://www.mozilla.org/security/known-vulnerabilities/</url>
+ </references>
+ <dates>
+ <discovery>2013-06-25</discovery>
+ <entry>2013-06-26</entry>
+ </dates>
+ </vuln>
+
<vuln vid="01cf67b3-dc3b-11e2-a6cd-c48508086173">
<topic>cURL library -- heap corruption in curl_easy_unescape</topic>
<affects>
@@ -1477,7 +1569,6 @@ Note: Please add new entries to the beginning of this file.
<p>MFSA 2013-46 Use-after-free with video and onresize event</p>
<p>MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent</p>
<p>MFSA 2013-48 Memory corruption found using Address Sanitizer</p>
- <p> </p>
</blockquote>
</body>
</description>