FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
44b6dfbf-4ef7-4d52-ad52-2b1b05d81272mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS

CVE-2019-9816: Type confusion with object groups and UnboxedObjects

CVE-2019-9817: Stealing of cross-domain images using canvas

CVE-2019-9818: Use-after-free in crash generation server

CVE-2019-9819: Compartment mismatch with fetch API

CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell

CVE-2019-9821: Use-after-free in AssertWorkerThread

CVE-2019-11691: Use-after-free in XMLHttpRequest

CVE-2019-11692: Use-after-free removing listeners in the event listener manager

CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux

CVE-2019-7317: Use-after-free in png_image_free of libpng library

CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox

CVE-2019-11695: Custom cursor can render over user interface outside of web content

CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts

CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions

CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks

CVE-2019-11700: res: protocol can be used to open known local files

CVE-2019-11699: Incorrect domain name highlighting during page navigation

CVE-2019-11701: webcal: protocol default handler loads vulnerable web page

CVE-2019-9814: Memory safety bugs fixed in Firefox 67

CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7


Discovery 2019-05-21
Entry 2019-05-22
Modified 2019-07-23
firefox
< 67.0,1

waterfox
< 56.2.10

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.7.0,1

linux-firefox
< 60.7.0,2

libxul
thunderbird
linux-thunderbird
< 60.7.0

CVE-2019-9815
CVE-2019-9816
CVE-2019-9817
CVE-2019-9818
CVE-2019-9819
CVE-2019-9820
CVE-2019-9821
CVE-2019-11691
CVE-2019-11692
CVE-2019-11693
CVE-2019-7317
CVE-2019-11694
CVE-2019-11695
CVE-2019-11696
CVE-2019-11697
CVE-2019-11698
CVE-2019-11700
CVE-2019-11699
CVE-2019-11701
CVE-2019-9814
CVE-2019-9800
https://www.mozilla.org/security/advisories/mfsa2019-13/
https://www.mozilla.org/security/advisories/mfsa2019-14/
https://www.mozilla.org/security/advisories/mfsa2019-15/
2225c5b4-1e5a-44fc-9920-b3201c384a15mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports

MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages

MFSA 2016-19 Linux video memory DOS with Intel drivers

MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing

MFSA 2016-21 Displayed page address can be overridden

MFSA 2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager

MFSA 2016-23 Use-after-free in HTML5 string parser

MFSA 2016-24 Use-after-free in SetBody

MFSA 2016-25 Use-after-free when using multiple WebRTC data channels

MFSA 2016-26 Memory corruption when modifying a file being read by FileReader

MFSA 2016-27 Use-after-free during XML transformations

MFSA 2016-28 Addressbar spoofing though history navigation and Location protocol property

MFSA 2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore

MFSA 2016-31 Memory corruption with malicious NPAPI plugin

MFSA 2016-32 WebRTC and LibVPX vulnerabilities found through code inspection

MFSA 2016-33 Use-after-free in GetStaticInstance in WebRTC

MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation


Discovery 2016-03-08
Entry 2016-03-08
Modified 2016-03-08
firefox
linux-firefox
< 45.0,1

seamonkey
linux-seamonkey
< 2.42

firefox-esr
< 38.7.0,1

libxul
thunderbird
linux-thunderbird
< 38.7.0

CVE-2016-1952
CVE-2016-1953
CVE-2016-1954
CVE-2016-1955
CVE-2016-1956
CVE-2016-1957
CVE-2016-1958
CVE-2016-1959
CVE-2016-1960
CVE-2016-1961
CVE-2016-1962
CVE-2016-1963
CVE-2016-1964
CVE-2016-1965
CVE-2016-1966
CVE-2016-1967
CVE-2016-1970
CVE-2016-1971
CVE-2016-1972
CVE-2016-1973
CVE-2016-1974
CVE-2016-1975
CVE-2016-1976
https://www.mozilla.org/security/advisories/mfsa2016-16/
https://www.mozilla.org/security/advisories/mfsa2016-17/
https://www.mozilla.org/security/advisories/mfsa2016-18/
https://www.mozilla.org/security/advisories/mfsa2016-19/
https://www.mozilla.org/security/advisories/mfsa2016-20/
https://www.mozilla.org/security/advisories/mfsa2016-21/
https://www.mozilla.org/security/advisories/mfsa2016-22/
https://www.mozilla.org/security/advisories/mfsa2016-23/
https://www.mozilla.org/security/advisories/mfsa2016-24/
https://www.mozilla.org/security/advisories/mfsa2016-25/
https://www.mozilla.org/security/advisories/mfsa2016-26/
https://www.mozilla.org/security/advisories/mfsa2016-27/
https://www.mozilla.org/security/advisories/mfsa2016-28/
https://www.mozilla.org/security/advisories/mfsa2016-29/
https://www.mozilla.org/security/advisories/mfsa2016-31/
https://www.mozilla.org/security/advisories/mfsa2016-32/
https://www.mozilla.org/security/advisories/mfsa2016-33/
https://www.mozilla.org/security/advisories/mfsa2016-34/
1bcfd963-e483-41b8-ab8e-bad5c3ce49c9brotli -- buffer overflow

Google Chrome Releases reports:

[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.

Mozilla Foundation reports:

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.


Discovery 2016-02-08
Entry 2016-03-08
Modified 2016-03-08
brotli
ge 0.3.0 lt 0.3.0_1

< 0.2.0_2

libbrotli
< 0.3.0_3

chromium
chromium-npapi
chromium-pulse
< 48.0.2564.109

firefox
linux-firefox
< 45.0,1

seamonkey
linux-seamonkey
< 2.42

firefox-esr
< 38.7.0,1

libxul
thunderbird
linux-thunderbird
< 38.7.0

CVE-2016-1624
CVE-2016-1968
https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/
https://www.mozilla.org/security/advisories/mfsa2016-30/
https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e
6cec1b0a-da15-467d-8691-1dea392d4c8dmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2017-06-13
Entry 2017-06-13
Modified 2017-09-19
firefox
< 54.0,1

seamonkey
linux-seamonkey
< 2.49.1

firefox-esr
< 52.2.0,1

linux-firefox
< 52.2.0,2

libxul
thunderbird
linux-thunderbird
< 52.2.0

CVE-2017-5470
CVE-2017-5471
CVE-2017-5472
CVE-2017-7749
CVE-2017-7750
CVE-2017-7751
CVE-2017-7752
CVE-2017-7754
CVE-2017-7755
CVE-2017-7756
CVE-2017-7757
CVE-2017-7758
CVE-2017-7759
CVE-2017-7760
CVE-2017-7761
CVE-2017-7762
CVE-2017-7763
CVE-2017-7764
CVE-2017-7765
CVE-2017-7766
CVE-2017-7767
CVE-2017-7768
CVE-2017-7778
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
23f59689-0152-42d3-9ade-1658d6380567mozilla -- use-after-free in compositor

The Mozilla Foundation reports:

CVE-2018-5148: Use-after-free in compositor

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.


Discovery 2018-03-26
Entry 2018-03-27
Modified 2018-03-31
firefox
< 59.0.2,1

waterfox
< 56.0.4.36_3

seamonkey
linux-seamonkey
< 2.49.3

firefox-esr
< 52.7.3,1

linux-firefox
< 52.7.3,2

libxul
< 52.7.3

linux-thunderbird
< 52.7.1

thunderbird
< 52.7.0_1

CVE-2018-5148
https://www.mozilla.org/security/advisories/mfsa2018-10/
aa1aefe3-6e37-47db-bfda-343ef4acb1b5Mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2016-08-02
Entry 2016-09-07
Modified 2016-09-20
firefox
< 48.0,1

seamonkey
linux-seamonkey
< 2.45

firefox-esr
< 45.3.0,1

linux-firefox
< 45.3.0,2

libxul
thunderbird
linux-thunderbird
< 45.3.0

CVE-2016-0718
CVE-2016-2830
CVE-2016-2835
CVE-2016-2836
CVE-2016-2837
CVE-2016-2838
CVE-2016-2839
CVE-2016-5250
CVE-2016-5251
CVE-2016-5252
CVE-2016-5253
CVE-2016-5254
CVE-2016-5255
CVE-2016-5258
CVE-2016-5259
CVE-2016-5260
CVE-2016-5261
CVE-2016-5262
CVE-2016-5263
CVE-2016-5264
CVE-2016-5265
CVE-2016-5266
CVE-2016-5267
CVE-2016-5268
https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
18f39fb6-7400-4063-acaf-0806e92c094fMozilla -- SVG Animation Remote Code Execution

The Mozilla Foundation reports:

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.


Discovery 2016-11-30
Entry 2016-12-01
Modified 2016-12-16
firefox
< 50.0.2,1

firefox-esr
< 45.5.1,1

linux-firefox
< 45.5.1,2

seamonkey
< 2.46

linux-seamonkey
< 2.46

libxul
< 45.5.1

thunderbird
< 45.5.1

linux-thunderbird
< 45.5.1

CVE-2016-9079
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
2c57c47e-8bb3-4694-83c8-9fc3abad3964mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -