FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
44b6dfbf-4ef7-4d52-ad52-2b1b05d81272mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS

CVE-2019-9816: Type confusion with object groups and UnboxedObjects

CVE-2019-9817: Stealing of cross-domain images using canvas

CVE-2019-9818: Use-after-free in crash generation server

CVE-2019-9819: Compartment mismatch with fetch API

CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell

CVE-2019-9821: Use-after-free in AssertWorkerThread

CVE-2019-11691: Use-after-free in XMLHttpRequest

CVE-2019-11692: Use-after-free removing listeners in the event listener manager

CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux

CVE-2019-7317: Use-after-free in png_image_free of libpng library

CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox

CVE-2019-11695: Custom cursor can render over user interface outside of web content

CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts

CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions

CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks

CVE-2019-11700: res: protocol can be used to open known local files

CVE-2019-11699: Incorrect domain name highlighting during page navigation

CVE-2019-11701: webcal: protocol default handler loads vulnerable web page

CVE-2019-9814: Memory safety bugs fixed in Firefox 67

CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7


Discovery 2019-05-21
Entry 2019-05-22
Modified 2019-07-23
firefox
< 67.0,1

waterfox
< 56.2.10

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.7.0,1

linux-firefox
< 60.7.0,2

libxul
thunderbird
linux-thunderbird
< 60.7.0

CVE-2019-9815
CVE-2019-9816
CVE-2019-9817
CVE-2019-9818
CVE-2019-9819
CVE-2019-9820
CVE-2019-9821
CVE-2019-11691
CVE-2019-11692
CVE-2019-11693
CVE-2019-7317
CVE-2019-11694
CVE-2019-11695
CVE-2019-11696
CVE-2019-11697
CVE-2019-11698
CVE-2019-11700
CVE-2019-11699
CVE-2019-11701
CVE-2019-9814
CVE-2019-9800
https://www.mozilla.org/security/advisories/mfsa2019-13/
https://www.mozilla.org/security/advisories/mfsa2019-14/
https://www.mozilla.org/security/advisories/mfsa2019-15/
2b8cad90-f289-11e1-a215-14dae9ebcf89mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)

MFSA 2012-58 Use-after-free issues found using Address Sanitizer

MFSA 2012-59 Location object can be shadowed using Object.defineProperty

MFSA 2012-60 Escalation of privilege through about:newtab

MFSA 2012-61 Memory corruption with bitmap format images with negative height

MFSA 2012-62 WebGL use-after-free and memory corruption

MFSA 2012-63 SVG buffer overflow and use-after-free issues

MFSA 2012-64 Graphite 2 memory corruption

MFSA 2012-65 Out-of-bounds read in format-number in XSLT

MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation

MFSA 2012-67 Installer will launch incorrect executable following new installation

MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html

MFSA 2012-69 Incorrect site SSL certificate data display

MFSA 2012-70 Location object security checks bypassed by chrome code

MFSA 2012-71 Insecure use of __android_log_print

MFSA 2012-72 Web console eval capable of executing chrome-privileged code


Discovery 2012-08-28
Entry 2012-08-30
firefox
gt 11.0,1 lt 15.0,1

< 10.0.7,1

linux-firefox
< 10.0.7,1

linux-seamonkey
< 2.12

linux-thunderbird
< 10.0.7

seamonkey
< 2.12

thunderbird
gt 11.0 lt 15.0

< 10.0.7

libxul
gt 1.9.2.* lt 10.0.7

CVE-2012-1956
CVE-2012-1970
CVE-2012-1971
CVE-2012-1972
CVE-2012-1973
CVE-2012-1974
CVE-2012-1975
CVE-2012-1976
CVE-2012-3956
CVE-2012-3957
CVE-2012-3958
CVE-2012-3959
CVE-2012-3960
CVE-2012-3961
CVE-2012-3962
CVE-2012-3963
CVE-2012-3964
CVE-2012-3965
CVE-2012-3966
CVE-2012-3967
CVE-2012-3968
CVE-2012-3969
CVE-2012-3970
CVE-2012-3971
CVE-2012-3972
CVE-2012-3973
CVE-2012-3974
CVE-2012-3975
CVE-2012-3976
CVE-2012-3978
CVE-2012-3979
CVE-2012-3980
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
http://www.mozilla.org/security/announce/2012/mfsa2012-60.html
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
http://www.mozilla.org/security/announce/2012/mfsa2012-64.html
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
http://www.mozilla.org/security/announce/2012/mfsa2012-66.html
http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
http://www.mozilla.org/security/announce/2012/mfsa2012-68.html
http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
http://www.mozilla.org/security/announce/2012/mfsa2012-71.html
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
2c57c47e-8bb3-4694-83c8-9fc3abad3964mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -