diff options
| author | jbeich <jbeich@FreeBSD.org> | 2016-04-27 04:24:35 +0800 |
|---|---|---|
| committer | jbeich <jbeich@FreeBSD.org> | 2016-04-27 04:24:35 +0800 |
| commit | 8265f377c1d72aba052160fb40864347099d338c (patch) | |
| tree | b45585ad3f499cba457028cea1319d5e4993b382 /security | |
| parent | 098336ecc8d0305396391a58f6976e6ca0f60658 (diff) | |
| download | freebsd-ports-graphics-8265f377c1d72aba052160fb40864347099d338c.tar.gz freebsd-ports-graphics-8265f377c1d72aba052160fb40864347099d338c.tar.zst freebsd-ports-graphics-8265f377c1d72aba052160fb40864347099d338c.zip | |
Document recent Firefox vulnerabilities
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 363dc5b10e6..8c65cb003ae 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,79 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="92d44f83-a7bf-41cf-91ee-3d1b8ecf579f"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <name>linux-firefox</name> + <range><lt>46.0,1</lt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>2.43</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><ge>39.0,1</ge><lt>45.1.0,1</lt></range> + <range><lt>38.8.0,1</lt></range> + </package> + <package> + <name>libxul</name> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <range><ge>39.0</ge><lt>45.1.0</lt></range> + <range><lt>38.8.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Foundation reports:</p> + <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46"> + <p>MFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 / + rv:45.1 / rv:38.8)</p> + <p>MFSA 2016-42 Use-after-free and buffer overflow + in Service Workers</p> + <p>MFSA 2016-44 Buffer overflow in libstagefright with + CENC offsets</p> + <p>MFSA 2016-45 CSP not applied to pages sent with + multipart/x-mixed-replace</p> + <p>MFSA 2016-46 Elevation of privilege with + chrome.tabs.update API in web extensions</p> + <p>MFSA 2016-47 Write to invalid HashMap entry through + JavaScript.watch()</p> + <p>MFSA 2016-48 Firefox Health Reports could accept events + from untrusted domains</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-2804</cvename> + <cvename>CVE-2016-2805</cvename> + <cvename>CVE-2016-2806</cvename> + <cvename>CVE-2016-2807</cvename> + <cvename>CVE-2016-2808</cvename> + <cvename>CVE-2016-2811</cvename> + <cvename>CVE-2016-2812</cvename> + <cvename>CVE-2016-2814</cvename> + <cvename>CVE-2016-2816</cvename> + <cvename>CVE-2016-2817</cvename> + <cvename>CVE-2016-2820</cvename> + <url>https://www.mozilla.org/security/advisories/mfsa2016-39/</url> + <url>https://www.mozilla.org/security/advisories/mfsa2016-42/</url> + <url>https://www.mozilla.org/security/advisories/mfsa2016-44/</url> + <url>https://www.mozilla.org/security/advisories/mfsa2016-45/</url> + <url>https://www.mozilla.org/security/advisories/mfsa2016-46/</url> + <url>https://www.mozilla.org/security/advisories/mfsa2016-47/</url> + <url>https://www.mozilla.org/security/advisories/mfsa2016-48/</url> + </references> + <dates> + <discovery>2016-04-26</discovery> + <entry>2016-04-26</entry> + </dates> + </vuln> + <vuln vid="f87a9376-0943-11e6-8fc4-00a0986f28c4"> <topic>phpmyfaq -- cross-site request forgery vulnerability</topic> <affects> |