sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-07-18 17:59:20 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

document mozilla vulnerabilities (<48, <45.3esr)

Browse source 
PR:		212463
Approved by:	jbeich (maintainer), rene (mentor)
This commit is contained in:
Christoph Moench-Tegeder 2016-09-09 11:02:05 +00:00
parent 1c609b6d67
commit 4ad67b8d0d
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=421609
1 changed files with 127 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

127
security/vuxml/vuln.xml
View file

@ -58,6 +58,133 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="aa1aefe3-6e37-47db-bfda-343ef4acb1b5">
<topic>Mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>48.0,1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>45.3.0,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>45.3.0,2</lt></range>
</package>
<package>
<name>libxul</name>
<name>thunderbird</name>
<name>linux-thunderbird</name>
<range><lt>45.3.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mozilla Foundation reports:</p>
<blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48">
<p>MFSA2016-84 Information disclosure through Resource Timing API \
during page navigation</p>
<p>MFSA2016-83 Spoofing attack through text injection into \
internal error pages</p>
<p>MFSA2016-82 Addressbar spoofing with right-to-left characters \
on Firefox for Android</p>
<p>MFSA2016-81 Information disclosure and local file \
manipulation through drag and drop</p>
<p>MFSA2016-80 Same-origin policy violation using local HTML
file and saved shortcut file</p>
<p>MFSA2016-79 Use-after-free when applying SVG effects</p>
<p>MFSA2016-78 Type confusion in display transformation</p>
<p>MFSA2016-77 Buffer overflow in ClearKey Content Decryption
Module (CDM) during video playback</p>
<p>MFSA2016-76 Scripts on marquee tag can execute in sandboxed
iframes</p>
<p>MFSA2016-75 Integer overflow in WebSockets during data \
buffering</p>
<p>MFSA2016-74 Form input type change from password to text \
can store plain text password in session restore file</p>
<p>MFSA2016-73 Use-after-free in service workers with nested
sync events</p>
<p>MFSA2016-72 Use-after-free in DTLS during WebRTC session
shutdown</p>
<p>MFSA2016-71 Crash in incremental garbage collection in \
JavaScript</p>
<p>MFSA2016-70 Use-after-free when using alt key and toplevel
menus</p>
<p>MFSA2016-69 Arbitrary file manipulation by local user through \
Mozilla updater and callback application path parameter</p>
<p>MFSA2016-68 Out-of-bounds read during XML parsing in \
Expat library</p>
<p>MFSA2016-67 Stack underflow during 2D graphics rendering</p>
<p>MFSA2016-66 Location bar spoofing via data URLs with \
malformed/invalid mediatypes</p>
<p>MFSA2016-65 Cairo rendering crash due to memory allocation
issue with FFmpeg 0.10</p>
<p>MFSA2016-64 Buffer overflow rendering SVG with bidirectional
content</p>
<p>MFSA2016-63 Favicon network connection can persist when page
is closed</p>
<p>MFSA2016-62 Miscellaneous memory safety hazards (rv:48.0 /
rv:45.3)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2016-0718</cvename>
<cvename>CVE-2016-2830</cvename>
<cvename>CVE-2016-2835</cvename>
<cvename>CVE-2016-2836</cvename>
<cvename>CVE-2016-2837</cvename>
<cvename>CVE-2016-2838</cvename>
<cvename>CVE-2016-2839</cvename>
<cvename>CVE-2016-5250</cvename>
<cvename>CVE-2016-5251</cvename>
<cvename>CVE-2016-5252</cvename>
<cvename>CVE-2016-5253</cvename>
<cvename>CVE-2016-5254</cvename>
<cvename>CVE-2016-5255</cvename>
<cvename>CVE-2016-5258</cvename>
<cvename>CVE-2016-5259</cvename>
<cvename>CVE-2016-5260</cvename>
<cvename>CVE-2016-5261</cvename>
<cvename>CVE-2016-5262</cvename>
<cvename>CVE-2016-5263</cvename>
<cvename>CVE-2016-5264</cvename>
<cvename>CVE-2016-5265</cvename>
<cvename>CVE-2016-5266</cvename>
<cvename>CVE-2016-5267</cvename>
<cvename>CVE-2016-5268</cvename>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/</url>
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/</url>
</references>
<dates>
<discovery>2016-08-02</discovery>
<entry>2016-09-07</entry>
</dates>
</vuln>
<vuln vid="5cb18881-7604-11e6-b362-001999f8d30b">
<topic>asterisk -- RTP Resource Exhaustion</topic>
<affects>