FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
44d9daee-940c-4179-86bb-6e3ffd617869	mozilla -- multiple vulnerabilities The Mozilla Project reports: MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1) MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs MFSA 2015-61 Type confusion in Indexed Database Manager MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest MFSA 2015-66 Vulnerabilities found through code inspection MFSA 2015-67 Key pinning is ignored when overridable errors are encountered MFSA 2015-68 OS X crash reports may contain entered key press information MFSA 2015-69 Privilege escalation through internal workers MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange Discovery 2015-07-02 Entry 2015-07-16 Modified 2015-09-22 firefox < 39.0,1 linux-firefox < 39.0,1 seamonkey < 2.35 linux-seamonkey < 2.35 firefox-esr < 31.8.0,1 ge 38.0,1 lt 38.1.0,1 libxul < 31.8.0 ge 38.0 lt 38.1.0 thunderbird < 31.8.0 ge 38.0 lt 38.1.0 linux-thunderbird < 31.8.0 ge 38.0 lt 38.1.0 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2742 CVE-2015-2743 CVE-2015-4000 https://www.mozilla.org/security/advisories/mfsa2015-59/ https://www.mozilla.org/security/advisories/mfsa2015-60/ https://www.mozilla.org/security/advisories/mfsa2015-61/ https://www.mozilla.org/security/advisories/mfsa2015-62/ https://www.mozilla.org/security/advisories/mfsa2015-63/ https://www.mozilla.org/security/advisories/mfsa2015-64/ https://www.mozilla.org/security/advisories/mfsa2015-65/ https://www.mozilla.org/security/advisories/mfsa2015-66/ https://www.mozilla.org/security/advisories/mfsa2015-67/ https://www.mozilla.org/security/advisories/mfsa2015-68/ https://www.mozilla.org/security/advisories/mfsa2015-69/ https://www.mozilla.org/security/advisories/mfsa2015-70/ https://www.mozilla.org/security/advisories/mfsa2015-71/
9ccfee39-3c3b-11df-9edc-000f20797ede	mozilla -- multiple vulnerabilities Mozilla Project reports: MFSA 2010-24 XMLDocument::load() doesn't check nsIContentPolicy MFSA 2010-23 Image src redirect to mailto: URL opens email editor MFSA 2010-22 Update NSS to support TLS renegotiation indication MFSA 2010-21 Arbitrary code execution with Firebug XMLHttpRequestSpy MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection MFSA 2010-16 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19) Discovery 2010-03-30 Entry 2010-03-30 seamonkey gt 2.0 lt 2.0.4 thunderbird ge 3.0 lt 3.0.4 firefox gt 3.5.,1 lt 3.5.9,1 gt 3.,1 lt 3.0.19,1 linux-firefox < 3.0.19,1 linux-firefox-devel < 3.5.9 nss linux-f10-nss < 3.12.5 CVE-2010-0181 CVE-2009-3555 CVE-2010-0179 CVE-2010-0178 CVE-2010-0177 CVE-2010-0176 CVE-2010-0175 CVE-2010-0174 CVE-2010-0173 http://www.mozilla.org/security/announce/2010/mfsa2010-24.html http://www.mozilla.org/security/announce/2010/mfsa2010-23.html http://www.mozilla.org/security/announce/2010/mfsa2010-22.html http://www.mozilla.org/security/announce/2010/mfsa2010-21.html http://www.mozilla.org/security/announce/2010/mfsa2010-20.html http://www.mozilla.org/security/announce/2010/mfsa2010-19.html http://www.mozilla.org/security/announce/2010/mfsa2010-18.html http://www.mozilla.org/security/announce/2010/mfsa2010-17.html http://www.mozilla.org/security/announce/2010/mfsa2010-16.html
9d04936c-75f1-4a2c-9ade-4c1708be5df9	mozilla -- multiple vulnerabilities The Mozilla Project reports: MFSA 2015-133 NSS and NSPR memory corruption issues MFSA 2015-132 Mixed content WebSocket policy bypass through workers MFSA 2015-131 Vulnerabilities found through code inspection MFSA 2015-130 JavaScript garbage collection crash with Java applet MFSA 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped MFSA 2015-128 Memory corruption in libjar through zip files MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received MFSA 2015-126 Crash when accessing HTML tables with accessibility tools on OS X MFSA 2015-125 XSS attack through intents on Firefox for Android MFSA 2015-124 Android intents can be used on Firefox for Android to open privileged files MFSA 2015-123 Buffer overflow during image interactions in canvas MFSA 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy MFSA 2015-121 Disabling scripts in Add-on SDK panels has no effect MFSA 2015-120 Reading sensitive profile files through local HTML file on Android MFSA 2015-119 Firefox for Android addressbar can be removed after fullscreen mode MFSA 2015-118 CSP bypass due to permissive Reader mode whitelist MFSA 2015-117 Information disclosure through NTLM authentication MFSA 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) Discovery 2015-11-03 Entry 2015-11-19 Modified 2016-04-13 nspr < 4.10.10 linux-c6-nspr < 4.10.10 nss ge 3.20 lt 3.20.1 ge 3.19.3 lt 3.19.4 < 3.19.2.1 firefox < 42.0,1 linux-firefox < 42.0,1 seamonkey < 2.39 linux-seamonkey < 2.39 firefox-esr < 38.4.0,1 libxul < 38.4.0 thunderbird < 38.4.0 linux-thunderbird < 38.4.0 CVE-2015-4513 CVE-2015-4514 CVE-2015-4515 CVE-2015-4518 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7185 CVE-2015-7186 CVE-2015-7187 CVE-2015-7188 CVE-2015-7189 CVE-2015-7190 CVE-2015-7191 CVE-2015-7192 CVE-2015-7193 CVE-2015-7194 CVE-2015-7195 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 https://www.mozilla.org/security/advisories/mfsa2015-116/ https://www.mozilla.org/security/advisories/mfsa2015-117/ https://www.mozilla.org/security/advisories/mfsa2015-118/ https://www.mozilla.org/security/advisories/mfsa2015-119/ https://www.mozilla.org/security/advisories/mfsa2015-120/ https://www.mozilla.org/security/advisories/mfsa2015-121/ https://www.mozilla.org/security/advisories/mfsa2015-122/ https://www.mozilla.org/security/advisories/mfsa2015-123/ https://www.mozilla.org/security/advisories/mfsa2015-124/ https://www.mozilla.org/security/advisories/mfsa2015-125/ https://www.mozilla.org/security/advisories/mfsa2015-126/ https://www.mozilla.org/security/advisories/mfsa2015-127/ https://www.mozilla.org/security/advisories/mfsa2015-128/ https://www.mozilla.org/security/advisories/mfsa2015-129/ https://www.mozilla.org/security/advisories/mfsa2015-130/ https://www.mozilla.org/security/advisories/mfsa2015-131/ https://www.mozilla.org/security/advisories/mfsa2015-132/ https://www.mozilla.org/security/advisories/mfsa2015-133/
7c3a02b9-3273-4426-a0ba-f90fad2ff72e	mozilla -- multiple vulnerabilities Mozilla Foundation reports: CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin CVE-2018-12392: Crash with nested event loops CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts CVE-2018-12397: CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs CVE-2018-12399: Spoofing of protocol registration notification bar CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android CVE-2018-12401: DOS attack through special resource URI parsing CVE-2018-12402: SameSite cookies leak when pages are explicitly saved CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP CVE-2018-12388: Memory safety bugs fixed in Firefox 63 CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 Discovery 2018-10-23 Entry 2018-10-23 Modified 2019-07-23 firefox < 63.0_1,1 waterfox < 56.2.5 seamonkey linux-seamonkey < 2.53.0 firefox-esr < 60.3.0,1 linux-firefox < 60.3.0,2 libxul thunderbird linux-thunderbird < 60.3.0 CVE-2018-12388 CVE-2018-12390 CVE-2018-12391 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 CVE-2018-12398 CVE-2018-12399 CVE-2018-12400 CVE-2018-12401 CVE-2018-12402 CVE-2018-12403 https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/
23f59689-0152-42d3-9ade-1658d6380567	mozilla -- use-after-free in compositor The Mozilla Foundation reports: CVE-2018-5148: Use-after-free in compositor A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. Discovery 2018-03-26 Entry 2018-03-27 Modified 2018-03-31 firefox < 59.0.2,1 waterfox < 56.0.4.36_3 seamonkey linux-seamonkey < 2.49.3 firefox-esr < 52.7.3,1 linux-firefox < 52.7.3,2 libxul < 52.7.3 linux-thunderbird < 52.7.1 thunderbird < 52.7.0_1 CVE-2018-5148 https://www.mozilla.org/security/advisories/mfsa2018-10/
380e8c56-8e32-11e1-9580-4061862b8c22	mozilla -- multiple vulnerabilities The Mozilla Project reports: MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9 MFSA 2012-22 use-after-free in IDBKeyRange MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface MFSA 2012-24 Potential XSS via multibyte content processing errors MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error MFSA 2012-27 Page load short-circuit can lead to XSS MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues MFSA 2012-30 Crash with WebGL content using textImage2D MFSA 2012-31 Off-by-one error in OpenType Sanitizer MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds Discovery 2012-04-24 Entry 2012-04-24 firefox gt 11.0,1 lt 12.0,1 < 10.0.4,1 linux-firefox < 10.0.4,1 linux-seamonkey < 2.9 linux-thunderbird < 10.0.4 seamonkey < 2.9 thunderbird gt 11.0 lt 12.0 < 10.0.4 libxul gt 1.9.2.* lt 10.0.4 CVE-2011-1187 CVE-2011-3062 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 http://www.mozilla.org/security/announce/2012/mfsa2012-20.html http://www.mozilla.org/security/announce/2012/mfsa2012-21.html http://www.mozilla.org/security/announce/2012/mfsa2012-22.html http://www.mozilla.org/security/announce/2012/mfsa2012-23.html http://www.mozilla.org/security/announce/2012/mfsa2012-24.html http://www.mozilla.org/security/announce/2012/mfsa2012-25.html http://www.mozilla.org/security/announce/2012/mfsa2012-26.html http://www.mozilla.org/security/announce/2012/mfsa2012-27.html http://www.mozilla.org/security/announce/2012/mfsa2012-28.html http://www.mozilla.org/security/announce/2012/mfsa2012-29.html http://www.mozilla.org/security/announce/2012/mfsa2012-30.html http://www.mozilla.org/security/announce/2012/mfsa2012-31.html http://www.mozilla.org/security/announce/2012/mfsa2012-32.html http://www.mozilla.org/security/announce/2012/mfsa2012-33.html
2c57c47e-8bb3-4694-83c8-9fc3abad3964	mozilla -- multiple vulnerabilities Mozilla Foundation reports: CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low] CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical] CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical] CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high] CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low] CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high] CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high] CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high] CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical] CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high] CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high] CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical] CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate] CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high] CVE-2016-5281 - use-after-free in DOMSVGLength [high] CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate] CVE-2016-5283 - fragment timing attack can reveal cross-origin data [high]</p> <p>CVE-2016-5284 - Add-on update site certificate pin expiration [high]</p> </blockquote> <br>Discovery 2016-09-13<br>Entry 2016-09-20<br>Modified 2016-10-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 49.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.46 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.4.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.4.0 </blockquote><br> CVE-2016-2827<br> CVE-2016-5256<br> CVE-2016-5257<br> CVE-2016-5270<br> CVE-2016-5271<br> CVE-2016-5272<br> CVE-2016-5273<br> CVE-2016-5274<br> CVE-2016-5275<br> CVE-2016-5276<br> CVE-2016-5277<br> CVE-2016-5278<br> CVE-2016-5279<br> CVE-2016-5280<br> CVE-2016-5281<br> CVE-2016-5282<br> CVE-2016-5283<br> CVE-2016-5284<br> https://www.mozilla.org/security/advisories/mfsa2016-85/<br> https://www.mozilla.org/security/advisories/mfsa2016-86/<br> https://www.mozilla.org/security/advisories/mfsa2016-88/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/985d4d6c-cfbd-11e3-a003-b4b52fce4ce8.html">985d4d6c-cfbd-11e3-a003-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)</p> <p>MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer</p> <p>MFSA 2014-36 Web Audio memory corruption issues</p> <p>MFSA 2014-37 Out of bounds read while decoding JPG images</p> <p>MFSA 2014-38 Buffer overflow when using non-XBL object as XBL</p> <p>MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video</p> <p>MFSA 2014-41 Out-of-bounds write in Cairo</p> <p>MFSA 2014-42 Privilege escalation through Web Notification API</p> <p>MFSA 2014-43 Cross-site scripting (XSS) using history navigations</p> <p>MFSA 2014-44 Use-after-free in imgLoader while resizing images</p> <p>MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates</p> <p>MFSA 2014-46 Use-after-free in nsHostResolve</p> <p>MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript</p> </blockquote> <br>Discovery 2014-04-29<br>Entry 2014-04-29<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 29.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 24.5.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 29.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.26 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.5.0 </blockquote><br> seamonkey<br> <blockquote>< 2.26 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.5.0 </blockquote><br> CVE-2014-1529<br> CVE-2014-1492<br> CVE-2014-1518<br> CVE-2014-1519<br> CVE-2014-1520<br> CVE-2014-1522<br> CVE-2014-1523<br> CVE-2014-1524<br> CVE-2014-1525<br> CVE-2014-1526<br> CVE-2014-1527<br> CVE-2014-1528<br> CVE-2014-1530<br> CVE-2014-1531<br> CVE-2014-1532<br> https://www.mozilla.org/security/announce/2014/mfsa2014-34.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-35.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-36.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-37.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-38.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-39.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-41.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-42.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-43.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-44.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-45.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-46.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-47.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b7e23050-2d5d-4e61-9b48-62e89db222ca.html">b7e23050-2d5d-4e61-9b48-62e89db222ca</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/"> <p>CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data</p> <p>CVE-2017-7844: Visited history information leak through SVG image</p> </blockquote> <br>Discovery 2017-11-29<br>Entry 2017-12-05<br><a href="/www/firefox/">firefox<br> </a><blockquote>ge 57.0,1 lt 57.0.1,1</blockquote><br> <blockquote>< 56.0.2_11,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.s20171130 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.2 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.5.1,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.5.1,2 </blockquote><br> CVE-2017-7843<br> CVE-2017-7844<br> https://www.mozilla.org/security/advisories/mfsa2017-27/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8c2ea875-9499-11df-8e32-000f20797ede.html">8c2ea875-9499-11df-8e32-000f20797ede</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)</p> <p>MFSA 2010-35 DOM attribute cloning remote code execution vulnerability</p> <p>MFSA 2010-36 Use-after-free error in NodeIterator</p> <p>MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability</p> <p>MFSA 2010-38 Arbitrary code execution using SJOW and fast native function</p> <p>MFSA 2010-39 nsCSSValue::Array index integer overflow</p> <p>MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability</p> <p>MFSA 2010-41 Remote code execution using malformed PNG image</p> <p>MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts</p> <p>MFSA 2010-43 Same-origin bypass using canvas context</p> <p>MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish</p> <p>MFSA 2010-45 Multiple location bar spoofing vulnerabilities</p> <p>MFSA 2010-46 Cross-domain data theft using CSS</p> <p>MFSA 2010-47 Cross-origin data leakage from script filename in error messages</p> </blockquote> <br>Discovery 2010-07-20<br>Entry 2010-07-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.6.,1 lt 3.6.7,1</blockquote><br> <blockquote>gt 3.5.,1 lt 3.5.11,1</blockquote><br> linux-firefox<br> <blockquote>< 3.6.7,1 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.5.11 </blockquote><br> seamonkey<br> <blockquote>gt 2.0.* lt 2.0.6</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>ge 3.0 lt 3.0.6</blockquote><br> CVE-2010-0654<br> CVE-2010-1205<br> CVE-2010-1206<br> CVE-2010-1207<br> CVE-2010-1208<br> CVE-2010-1209<br> CVE-2010-1210<br> CVE-2010-1211<br> CVE-2010-1212<br> CVE-2010-1213<br> CVE-2010-1214<br> CVE-2010-1215<br> CVE-2010-2751<br> CVE-2010-2752<br> CVE-2010-2753<br> CVE-2010-2754<br> http://www.mozilla.org/security/announce/2010/mfsa2010-34.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-35.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-36.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-37.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-38.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-39.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-40.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-41.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-42.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-43.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-44.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-45.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-46.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-47.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/76ff65f4-17ca-4d3f-864a-a3d6026194fb.html">76ff65f4-17ca-4d3f-864a-a3d6026194fb</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> <p>MFSA-2015-28 Privilege escalation through SVG navigation</p> <p>MFSA-2015-29 Code execution through incorrect JavaScript bounds checking elimination</p> </blockquote> <br>Discovery 2015-03-20<br>Entry 2015-03-22<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 36.0.4,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.5.3,1 </blockquote><br> linux-firefox<br> <blockquote>< 36.0.4,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.33.1 </blockquote><br> seamonkey<br> <blockquote>< 2.33.1 </blockquote><br> libxul<br> <blockquote>< 31.5.3 </blockquote><br> CVE-2015-0817<br> CVE-2015-0818<br> https://www.mozilla.org/security/advisories/mfsa2015-28/<br> https://www.mozilla.org/security/advisories/mfsa2015-29/<br> https://www.mozilla.org/security/advisories/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/dbf338d0-dce5-11e1-b655-14dae9ebcf89.html">dbf338d0-dce5-11e1-b655-14dae9ebcf89</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)</p> <p>MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop</p> <p>MFSA 2012-44 Gecko memory corruption</p> <p>MFSA 2012-45 Spoofing issue with location</p> <p>MFSA 2012-46 XSS through data: URLs</p> <p>MFSA 2012-47 Improper filtering of javascript in HTML feed-view</p> <p>MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden</p> <p>MFSA 2012-49 Same-compartment Security Wrappers can be bypassed</p> <p>MFSA 2012-50 Out of bounds read in QCMS</p> <p>MFSA 2012-51 X-Frame-Options header ignored when duplicated</p> <p>MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption</p> <p>MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage</p> <p>MFSA 2012-54 Clickjacking of certificate warning page</p> <p>MFSA 2012-55 feed: URLs with an innerURI inherit security context of page</p> <p>MFSA 2012-56 Code execution through javascript: URLs</p> </blockquote> <br>Discovery 2012-07-17<br>Entry 2012-08-02<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 14.0.1,1</blockquote><br> <blockquote>< 10.0.6,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.6,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.11 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.6 </blockquote><br> seamonkey<br> <blockquote>< 2.11 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 14.0</blockquote><br> <blockquote>< 10.0.6 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.6</blockquote><br> CVE-2012-1949<br> CVE-2012-1950<br> CVE-2012-1951<br> CVE-2012-1952<br> CVE-2012-1953<br> CVE-2012-1954<br> CVE-2012-1955<br> CVE-2012-1957<br> CVE-2012-1958<br> CVE-2012-1959<br> CVE-2012-1960<br> CVE-2012-1961<br> CVE-2012-1962<br> CVE-2012-1963<br> CVE-2012-1964<br> CVE-2012-1965<br> CVE-2012-1966<br> CVE-2012-1967<br> http://www.mozilla.org/security/known-vulnerabilities/<br> http://www.mozilla.org/security/announce/2012/mfsa2012-42.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-43.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-44.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-45.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-46.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-47.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-48.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-49.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-50.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-51.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-52.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-53.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-54.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-55.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-56.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6.html">05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/"> <p>CVE-2019-11751: Malicious code execution through command line parameters</p> <p>CVE-2019-11746: Use-after-free while manipulating video</p> <p>CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML</p> <p>CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images</p> <p>CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service</p> <p>CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location</p> <p>CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB</p> <p>CVE-2019-9812: Sandbox escape through Firefox Sync</p> <p>CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com</p> <p>CVE-2019-11743: Cross-origin access to unload event attributes</p> <p>CVE-2019-11748: Persistence of WebRTC permissions in a third party context</p> <p>CVE-2019-11749: Camera information available without prompting using getUserMedia</p> <p>CVE-2019-5849: Out-of-bounds read in Skia</p> <p>CVE-2019-11750: Type confusion in Spidermonkey</p> <p>CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard</p> <p>CVE-2019-11738: Content security policy bypass through hash-based sources in directives</p> <p>CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list</p> <p>CVE-2019-11734: Memory safety bugs fixed in Firefox 69</p> <p>CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1</p> <p>CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9</p> </blockquote> <br>Discovery 2019-09-03<br>Entry 2019-09-03<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 69.0,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.14 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 61.0,1 lt 68.1.0,1</blockquote><br> <blockquote>< 60.9.0,1 </blockquote><br> linux-firefox<br> <blockquote>ge 61.0,2 lt 68.1.0,2</blockquote><br> <blockquote>< 60.9.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 61.0 lt 68.1.0</blockquote><br> <blockquote>< 60.9.0 </blockquote><br> CVE-2019-11734<br> CVE-2019-11735<br> CVE-2019-11736<br> CVE-2019-11737<br> CVE-2019-11738<br> CVE-2019-11740<br> CVE-2019-11741<br> CVE-2019-11742<br> CVE-2019-11743<br> CVE-2019-11744<br> CVE-2019-11746<br> CVE-2019-11747<br> CVE-2019-11748<br> CVE-2019-11749<br> CVE-2019-11750<br> CVE-2019-11751<br> CVE-2019-11752<br> CVE-2019-11753<br> CVE-2019-5849<br> CVE-2019-9812<br> https://www.mozilla.org/security/advisories/mfsa2019-25/<br> https://www.mozilla.org/security/advisories/mfsa2019-26/<br> https://www.mozilla.org/security/advisories/mfsa2019-27/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1fade8a3-e9e8-11e0-9580-4061862b8c22.html">1fade8a3-e9e8-11e0-9580-4061862b8c22</a></td><td>Mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)</p> <p>MFSA 2011-37 Integer underflow when using JavaScript RegExp</p> <p>MFSA 2011-38 XSS via plugins and shadowed window.location object</p> <p>MFSA 2011-39 Defense against multiple Location headers due to CRLF Injection</p> <p>MFSA 2011-40 Code installation through holding down Enter</p> <p>MFSA 2011-41 Potentially exploitable WebGL crashes</p> <p>MFSA 2011-42 Potentially exploitable crash in the YARR regular expression library</p> <p>MFSA 2011-43 loadSubScript unwraps XPCNativeWrapper scope parameter</p> <p>MFSA 2011-44 Use after free reading OGG headers</p> <p>MFSA 2011-45 Inferring Keystrokes from motion data</p> </blockquote> <br>Discovery 2011-09-27<br>Entry 2011-09-28<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 4.0,1 lt 7.0,1</blockquote><br> <blockquote>gt 3.6.,1 lt 3.6.23,1</blockquote><br> libxul<br> <blockquote>gt 1.9.2. lt 1.9.2.23</blockquote><br> linux-firefox<br> <blockquote>< 7.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.4 </blockquote><br> linux-thunderbird<br> <blockquote>< 7.0 </blockquote><br> seamonkey<br> <blockquote>< 2.4 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 4.0 lt 7.0</blockquote><br> <blockquote>< 3.1.15 </blockquote><br> CVE-2011-2372<br> CVE-2011-2995<br> CVE-2011-2996<br> CVE-2011-2997<br> CVE-2011-2999<br> CVE-2011-3000<br> CVE-2011-3001<br> CVE-2011-3002<br> CVE-2011-3003<br> CVE-2011-3004<br> CVE-2011-3005<br> CVE-2011-3232<br> http://www.mozilla.org/security/announce/2011/mfsa2011-36.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-37.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-38.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-39.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-40.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-41.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-42.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-43.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-44.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-45.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/cd81806c-26e7-4d4a-8425-02724a2f48af.html">cd81806c-26e7-4d4a-8425-02724a2f48af</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/"> <p>CVE-2018-12359: Buffer overflow using computed size of canvas element</p> <p>CVE-2018-12360: Use-after-free when using focus()</p> <p>CVE-2018-12361: Integer overflow in SwizzleData</p> <p>CVE-2018-12358: Same-origin bypass using service worker and redirection</p> <p>CVE-2018-12362: Integer overflow in SSSE3 scaler</p> <p>CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture</p> <p>CVE-2018-12363: Use-after-free when appending DOM nodes</p> <p>CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins</p> <p>CVE-2018-12365: Compromised IPC child process can list local filenames</p> <p>CVE-2018-12371: Integer overflow in Skia library during edge builder allocation</p> <p>CVE-2018-12366: Invalid data handling during QCMS transformations</p> <p>CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming</p> <p>CVE-2018-12368: No warning when opening executable SettingContent-ms files</p> <p>CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments</p> <p>CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View</p> <p>CVE-2018-5186: Memory safety bugs fixed in Firefox 61</p> <p>CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1</p> <p>CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9</p> </blockquote> <br>Discovery 2018-06-26<br>Entry 2018-06-26<br>Modified 2018-07-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 61.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.1.19_2 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.4 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 60.0,1 lt 60.1.0_1,1</blockquote><br> <blockquote>< 52.9.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.9.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.9.0 </blockquote><br> CVE-2018-12362<br> CVE-2018-5156<br> CVE-2018-5186<br> CVE-2018-5187<br> CVE-2018-5188<br> CVE-2018-12358<br> CVE-2018-12359<br> CVE-2018-12360<br> CVE-2018-12361<br> CVE-2018-12363<br> CVE-2018-12364<br> CVE-2018-12365<br> CVE-2018-12366<br> CVE-2018-12367<br> CVE-2018-12368<br> CVE-2018-12369<br> CVE-2018-12370<br> CVE-2018-12371<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/888a0262-f0d9-11e3-ba0c-b4b52fce4ce8.html">888a0262-f0d9-11e3-ba0c-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)</p> <p>MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer</p> <p>MFSA 2014-51 Use-after-free in Event Listener Manager</p> <p>MFSA 2014-52 Use-after-free with SMIL Animation Controller</p> <p>MFSA 2014-53 Buffer overflow in Web Audio Speex resampler</p> <p>MFSA 2014-54 Buffer overflow in Gamepad API</p> <p>MFSA 2014-55 Out of bounds write in NSPR</p> </blockquote> <br>Discovery 2014-06-10<br>Entry 2014-06-10<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 30.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 24.6.0,1 </blockquote><br> seamonkey<br> <blockquote>< 2.26.1 </blockquote><br> linux-firefox<br> <blockquote>< 30.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.26.1 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.6.0 </blockquote><br> <a href="/devel/nspr/">nspr<br> </a><blockquote>< 4.10.6 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.6.0 </blockquote><br> CVE-2014-1533<br> CVE-2014-1534<br> CVE-2014-1536<br> CVE-2014-1537<br> CVE-2014-1540<br> CVE-2014-1541<br> CVE-2014-1542<br> CVE-2014-1543<br> CVE-2014-1545<br> https://www.mozilla.org/security/announce/2014/mfsa2014-48.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-49.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-51.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-52.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-53.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-54.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-55.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/a1050b8b-6db3-11e1-8b37-0011856a6e37.html">a1050b8b-6db3-11e1-8b37-0011856a6e37</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-13 XSS with Drag and Drop and Javascript: URL</p> <p>MFSA 2012-14 SVG issues found with Address Sanitizer</p> <p>MFSA 2012-15 XSS with multiple Content Security Policy headers</p> <p>MFSA 2012-16 Escalation of privilege with Javascript: URL as home page</p> <p>MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification</p> <p>MFSA 2012-18 window.fullScreen writeable by untrusted content</p> <p>MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)</p> </blockquote> <br>Discovery 2012-03-13<br>Entry 2012-03-14<br>Modified 2012-03-18<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 4.0,1 lt 10.0.3,1</blockquote><br> <blockquote>ge 3.6.,1 lt 3.6.28</blockquote><br> linux-firefox<br> <blockquote>< 10.0.3,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.8 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.3 </blockquote><br> seamonkey<br> <blockquote>< 2.8 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 4.0 lt 10.0.3</blockquote><br> <blockquote>gt 3.1. lt 3.1.20</blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 1.9.2.28</blockquote><br> CVE-2012-0451<br> CVE-2012-0455<br> CVE-2012-0456<br> CVE-2012-0457<br> CVE-2012-0458<br> CVE-2012-0459<br> CVE-2012-0460<br> CVE-2012-0461<br> CVE-2012-0462<br> CVE-2012-0463<br> CVE-2012-0464<br> http://www.mozilla.org/security/announce/2012/mfsa2012-13.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-14.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-15.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-16.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-17.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-18.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-19.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/630c8c08-880f-11e2-807f-d43d7e0c7c02.html">630c8c08-880f-11e2-807f-d43d7e0c7c02</a></td><td>mozilla -- use-after-free in HTML Editor<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-29 Use-after-free in HTML Editor</p> </blockquote> <br>Discovery 2013-03-07<br>Entry 2013-03-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 19.0.2,1</blockquote><br> <blockquote>< 17.0.3,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.4,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.16.1 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.4 </blockquote><br> seamonkey<br> <blockquote>< 2.16.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.4</blockquote><br> <blockquote>< 10.0.12 </blockquote><br> CVE-2013-0787<br> http://www.mozilla.org/security/announce/2013/mfsa2013-29.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7dfed67b-20aa-11e3-b8d8-0025905a4771.html">7dfed67b-20aa-11e3-b8d8-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p> MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)</p> <p> MFSA 2013-77 Improper state in HTML5 Tree Builder with templates</p> <p> MFSA 2013-78 Integer overflow in ANGLE library</p> <p> MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning</p> <p> MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed</p> <p> MFSA 2013-81 Use-after-free with select element</p> <p> MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption</p> <p> MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification</p> <p> MFSA 2013-84 Same-origin bypass through symbolic links</p> <p> MFSA 2013-85 Uninitialized data in IonMonkey</p> <p> MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers</p> <p> MFSA 2013-87 Shared object library loading from writable location</p> <p> MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes</p> <p> MFSA 2013-89 Buffer overflow with multi-column, lists, and floats</p> <p> MFSA 2013-90 Memory corruption involving scrolling</p> <p> MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object</p> <p> MFSA 2013-92 GC hazard with default compartments and frame chain restoration</p> </blockquote> <br>Discovery 2013-08-17<br>Entry 2013-08-18<br>Modified 2013-09-19<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 24.0,1</blockquote><br> <blockquote>< 17.0.9,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.9,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.21 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.9 </blockquote><br> seamonkey<br> <blockquote>< 2.21 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.0 </blockquote><br> CVE-2013-1722<br> CVE-2013-1718<br> CVE-2013-1719<br> CVE-2013-1720<br> CVE-2013-1721<br> CVE-2013-1723<br> CVE-2013-1724<br> CVE-2013-1725<br> CVE-2013-1726<br> CVE-2013-1727<br> CVE-2013-1728<br> CVE-2013-1729<br> CVE-2013-1730<br> CVE-2013-1731<br> CVE-2013-1732<br> CVE-2013-1735<br> CVE-2013-1736<br> CVE-2013-1737<br> CVE-2013-1738<br> https://www.mozilla.org/security/announce/2013/mfsa2013-76.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-77.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-78.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-79.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-80.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-81.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-82.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-83.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-84.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-85.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-86.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-87.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-88.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-89.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-90.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-91.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-92.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/bd62c640-9bb9-11e4-a5ad-000c297fb80f.html">bd62c640-9bb9-11e4-a5ad-000c297fb80f</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> <p>MFSA-2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)</p> <p>MFSA-2015-02 Uninitialized memory use during bitmap rendering</p> <p>MFSA-2015-03 sendBeacon requests lack an Origin header</p> <p>MFSA-2015-04 Cookie injection through Proxy Authenticate responses</p> <p>MFSA-2015-05 Read of uninitialized memory in Web Audio</p> <p>MFSA-2015-06 Read-after-free in WebRTC</p> <p>MFSA-2015-07 Gecko Media Plugin sandbox escape</p> <p>MFSA-2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension</p> <p>MFSA-2015-09 XrayWrapper bypass through DOM objects</p> </blockquote> <br>Discovery 2015-01-13<br>Entry 2015-01-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 35.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 35.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.32 </blockquote><br> linux-thunderbird<br> <blockquote>< 31.4.0 </blockquote><br> seamonkey<br> <blockquote>< 2.32 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.4.0 </blockquote><br> libxul<br> <blockquote>< 31.4.0 </blockquote><br> CVE-2014-8634<br> CVE-2014-8635<br> CVE-2014-8637<br> CVE-2014-8638<br> CVE-2014-8639<br> CVE-2014-8640<br> CVE-2014-8641<br> CVE-2014-8642<br> CVE-2014-8643<br> CVE-2014-8636<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-01/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-02/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-03/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-04/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-05/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-06/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-07/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-08/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-09/<br> https://www.mozilla.org/security/advisories/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c223b00d-e272-11df-8e32-000f20797ede.html">c223b00d-e272-11df-8e32-000f20797ede</a></td><td>mozilla -- Heap buffer overflow mixing document.write and DOM insertion<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion</p> </blockquote> <br>Discovery 2010-10-27<br>Entry 2010-10-28<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.6.,1 lt 3.6.12,1</blockquote><br> <blockquote>gt 3.5.,1 lt 3.5.15,1</blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 1.9.2.12</blockquote><br> linux-firefox<br> <blockquote>< 3.6.12,1 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.5.15 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.0.10 </blockquote><br> linux-thunderbird<br> <blockquote>< 3.1.6 </blockquote><br> seamonkey<br> <blockquote>gt 2.0.* lt 2.0.10</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>ge 3.0 lt 3.0.10</blockquote><br> <blockquote>ge 3.1 lt 3.1.6</blockquote><br> CVE-2010-3765<br> http://www.mozilla.org/security/announce/2010/mfsa2010-73.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/81f866ad-41a4-11e3-a4af-0025905a4771.html">81f866ad-41a4-11e3-a4af-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p> MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)</p> <p> MFSA 2013-94 Spoofing addressbar though SELECT element</p> <p> MFSA 2013-95 Access violation with XSLT and uninitialized data</p> <p> MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions</p> <p> MFSA 2013-97 Writing to cycle collected object during image decoding</p> <p> MFSA 2013-98 Use-after-free when updating offline cache</p> <p> MFSA 2013-99 Security bypass of PDF.js checks using iframes</p> <p> MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing</p> <p> MFSA 2013-101 Memory corruption in workers</p> <p> MFSA 2013-102 Use-after-free in HTML document templates</p> </blockquote> <br>Discovery 2013-10-29<br>Entry 2013-10-30<br>Modified 2013-10-31<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 24.1.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 25.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.22 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.1.0 </blockquote><br> seamonkey<br> <blockquote>< 2.22 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.1.0 </blockquote><br> CVE-2013-1739<br> CVE-2013-5590<br> CVE-2013-5591<br> CVE-2013-5592<br> CVE-2013-5593<br> CVE-2013-5595<br> CVE-2013-5596<br> CVE-2013-5597<br> CVE-2013-5598<br> CVE-2013-5599<br> CVE-2013-5600<br> CVE-2013-5601<br> CVE-2013-5602<br> CVE-2013-5603<br> CVE-2013-5604<br> https://www.mozilla.org/security/announce/2013/mfsa2013-93.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-94.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-95.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-96.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-97.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-98.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-99.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-100.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-101.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-102.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/99029172-8253-407d-9d8b-2cfeab9abf81.html">99029172-8253-407d-9d8b-2cfeab9abf81</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> <p>MFSA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)</p> <p>MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files</p> <p>MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections</p> <p>MFSA-2015-14 Malicious WebGL content crash when writing strings</p> <p>MFSA-2015-15 TLS TURN and STUN connections silently fail to simple TCP connections</p> <p>MFSA-2015-16 Use-after-free in IndexedDB</p> <p>MFSA-2015-17 Buffer overflow in libstagefright during MP4 video playback</p> <p>MFSA-2015-18 Double-free when using non-default memory allocators with a zero-length XHR</p> <p>MFSA-2015-19 Out-of-bounds read and write while rendering SVG content</p> <p>MFSA-2015-20 Buffer overflow during CSS restyling</p> <p>MFSA-2015-21 Buffer underflow during MP3 playback</p> <p>MFSA-2015-22 Crash using DrawTarget in Cairo graphics library</p> <p>MFSA-2015-23 Use-after-free in Developer Console date with OpenType Sanitiser</p> <p>MFSA-2015-24 Reading of local files through manipulation of form autocomplete</p> <p>MFSA-2015-25 Local files or privileged URLs in pages can be opened into new tabs</p> <p>MFSA-2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs</p> <p>MFSA-2015-27 Caja Compiler JavaScript sandbox bypass</p> </blockquote> <br>Discovery 2015-02-24<br>Entry 2015-02-27<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 36.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.5.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 36.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.33 </blockquote><br> linux-thunderbird<br> <blockquote>< 31.5.0 </blockquote><br> seamonkey<br> <blockquote>< 2.33 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.5.0 </blockquote><br> libxul<br> <blockquote>< 31.5.0 </blockquote><br> CVE-2015-0819<br> CVE-2015-0820<br> CVE-2015-0821<br> CVE-2015-0822<br> CVE-2015-0823<br> CVE-2015-0824<br> CVE-2015-0825<br> CVE-2015-0826<br> CVE-2015-0827<br> CVE-2015-0828<br> CVE-2015-0829<br> CVE-2015-0830<br> CVE-2015-0831<br> CVE-2015-0832<br> CVE-2015-0833<br> CVE-2015-0834<br> CVE-2015-0835<br> CVE-2015-0836<br> https://www.mozilla.org/security/advisories/mfsa2015-11/<br> https://www.mozilla.org/security/advisories/mfsa2015-12/<br> https://www.mozilla.org/security/advisories/mfsa2015-13/<br> https://www.mozilla.org/security/advisories/mfsa2015-14/<br> https://www.mozilla.org/security/advisories/mfsa2015-15/<br> https://www.mozilla.org/security/advisories/mfsa2015-16/<br> https://www.mozilla.org/security/advisories/mfsa2015-17/<br> https://www.mozilla.org/security/advisories/mfsa2015-18/<br> https://www.mozilla.org/security/advisories/mfsa2015-19/<br> https://www.mozilla.org/security/advisories/mfsa2015-20/<br> https://www.mozilla.org/security/advisories/mfsa2015-21/<br> https://www.mozilla.org/security/advisories/mfsa2015-22/<br> https://www.mozilla.org/security/advisories/mfsa2015-23/<br> https://www.mozilla.org/security/advisories/mfsa2015-24/<br> https://www.mozilla.org/security/advisories/mfsa2015-25/<br> https://www.mozilla.org/security/advisories/mfsa2015-26/<br> https://www.mozilla.org/security/advisories/mfsa2015-27/<br> https://www.mozilla.org/security/advisories/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d10b49b2-8d02-49e8-afde-0844626317af.html">d10b49b2-8d02-49e8-afde-0844626317af</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/"> <p>CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module</p> <p>CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11</p> <p>CVE-2018-18492: Use-after-free with select element</p> <p>CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia</p> <p>CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs</p> <p>CVE-2018-18495: WebExtension content scripts can be loaded in about: pages</p> <p>CVE-2018-18496: Embedded feed preview page can be abused for clickjacking</p> <p>CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators</p> <p>CVE-2018-18498: Integer overflow when calculating buffer sizes for images</p> <p>CVE-2018-12406: Memory safety bugs fixed in Firefox 64</p> <p>CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4</p> </blockquote> <br>Discovery 2018-12-11<br>Entry 2018-12-11<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 64.0_3,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.6 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.4.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.4.0 </blockquote><br> CVE-2018-12405<br> CVE-2018-12406<br> CVE-2018-12407<br> CVE-2018-17466<br> CVE-2018-18492<br> CVE-2018-18493<br> CVE-2018-18494<br> CVE-2018-18495<br> CVE-2018-18496<br> CVE-2018-18497<br> CVE-2018-18498<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d9b43004-f5fd-4807-b1d7-dbf66455b244.html">d9b43004-f5fd-4807-b1d7-dbf66455b244</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA-2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)</p> <p>MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer</p> <p>MFSA-2015-48 Buffer overflow with SVG content and CSS</p> <p>MFSA-2015-49 Referrer policy ignored when links opened by middle-click and context menu</p> <p>MFSA-2015-50 Out-of-bounds read and write in asm.js validation</p> <p>MFSA-2015-51 Use-after-free during text processing with vertical text enabled</p> <p>MFSA-2015-52 Sensitive URL encoded information written to Android logcat</p> <p>MFSA-2015-53 Use-after-free due to Media Decoder Thread creation during shutdown</p> <p>MFSA-2015-54 Buffer overflow when parsing compressed XML</p> <p>MFSA-2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata</p> <p>MFSA-2015-56 Untrusted site hosting trusted page can intercept webchannel responses</p> <p>MFSA-2015-57 Privilege escalation through IPC channel messages</p> <p>MFSA-2015-58 Mozilla Windows updater can be run outside of application directory</p> <p>MFSA 2015-93 Integer overflows in libstagefright while processing MP4 video metadata</p> </blockquote> <br>Discovery 2015-05-12<br>Entry 2015-05-12<br>Modified 2015-08-28<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 38.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 38.0,1 </blockquote><br> seamonkey<br> <blockquote>< 2.35 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.35 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.7.0,1 </blockquote><br> libxul<br> <blockquote>< 31.7.0 </blockquote><br> <blockquote>ge 32.0 lt 38.0</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.7.0 </blockquote><br> <blockquote>ge 32.0 lt 38.0</blockquote><br> linux-thunderbird<br> <blockquote>< 31.7.0 </blockquote><br> <blockquote>ge 32.0 lt 38.0</blockquote><br> CVE-2011-3079<br> CVE-2015-0797<br> CVE-2015-0833<br> CVE-2015-2708<br> CVE-2015-2709<br> CVE-2015-2710<br> CVE-2015-2711<br> CVE-2015-2712<br> CVE-2015-2713<br> CVE-2015-2714<br> CVE-2015-2715<br> CVE-2015-2716<br> CVE-2015-2717<br> CVE-2015-2718<br> CVE-2015-2720<br> CVE-2015-4496<br> https://www.mozilla.org/security/advisories/mfsa2015-46/<br> https://www.mozilla.org/security/advisories/mfsa2015-47/<br> https://www.mozilla.org/security/advisories/mfsa2015-48/<br> https://www.mozilla.org/security/advisories/mfsa2015-49/<br> https://www.mozilla.org/security/advisories/mfsa2015-50/<br> https://www.mozilla.org/security/advisories/mfsa2015-51/<br> https://www.mozilla.org/security/advisories/mfsa2015-52/<br> https://www.mozilla.org/security/advisories/mfsa2015-53/<br> https://www.mozilla.org/security/advisories/mfsa2015-54/<br> https://www.mozilla.org/security/advisories/mfsa2015-55/<br> https://www.mozilla.org/security/advisories/mfsa2015-56/<br> https://www.mozilla.org/security/advisories/mfsa2015-57/<br> https://www.mozilla.org/security/advisories/mfsa2015-58/<br> https://www.mozilla.org/security/advisories/mfsa2015-93/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1d8ff4a2-0445-11e0-8e32-000f20797ede.html">1d8ff4a2-0445-11e0-8e32-000f20797ede</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)</p> <p>MFSA 2010-75 Buffer overflow while line breaking after document.write with long string</p> <p>MFSA 2010-76 Chrome privilege escalation with window.open and isindex element</p> <p>MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree</p> <p>MFSA 2010-78 Add support for OTS font sanitizer</p> <p>MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh</p> <p>MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver</p> <p>MFSA 2010-81 Integer overflow vulnerability in NewIdArray</p> <p>MFSA 2010-82 Incomplete fix for CVE-2010-0179</p> <p>MFSA 2010-83 Location bar SSL spoofing using network error page</p> <p>MFSA 2010-84 XSS hazard in multiple character encodings</p> </blockquote> <br>Discovery 2010-12-09<br>Entry 2010-12-10<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.6.,1 lt 3.6.13,1</blockquote><br> <blockquote>gt 3.5.,1 lt 3.5.16,1</blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 1.9.2.13</blockquote><br> linux-firefox<br> <blockquote>< 3.6.13,1 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.5.16 </blockquote><br> linux-seamonkey<br> <blockquote>gt 2.0.* lt 2.0.11</blockquote><br> linux-thunderbird<br> <blockquote>ge 3.1 lt 3.1.7</blockquote><br> seamonkey<br> <blockquote>gt 2.0.* lt 2.0.11</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>ge 3.0 lt 3.0.11</blockquote><br> <blockquote>ge 3.1 lt 3.1.7</blockquote><br> CVE-2010-3766<br> CVE-2010-3767<br> CVE-2010-3768<br> CVE-2010-3769<br> CVE-2010-3770<br> CVE-2010-3771<br> CVE-2010-3772<br> CVE-2010-3773<br> CVE-2010-3774<br> CVE-2010-3775<br> CVE-2010-3776<br> CVE-2010-3777<br> CVE-2010-3778<br> http://www.mozilla.org/security/announce/2010/mfsa2010-74.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-75.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-76.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-77.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-78.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-79.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-80.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-81.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-82.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-83.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-84.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/42c98cef-62b1-4b8b-9065-f4621e08d526.html">42c98cef-62b1-4b8b-9065-f4621e08d526</a></td><td>libvpx -- out-of-bounds write<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2014-77/"> <p>Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback.</p> </blockquote> <br>Discovery 2014-10-14<br>Entry 2015-08-12<br><a href="/multimedia/libvpx/">libvpx<br> </a><blockquote>< 1.4.0 </blockquote><br> <a href="/www/firefox/">firefox<br> </a><blockquote>< 33.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.1.2,1 </blockquote><br> linux-firefox<br> <blockquote>< 33.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.30 </blockquote><br> linux-thunderbird<br> <blockquote>< 31.1.2 </blockquote><br> seamonkey<br> <blockquote>< 2.30 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.1.2 </blockquote><br> libxul<br> <blockquote>< 31.1.2 </blockquote><br> CVE-2014-1578<br> https://www.mozilla.org/security/advisories/mfsa2014-77/<br> https://hg.mozilla.org/releases/mozilla-esr31/rev/6023f0b4f8ba<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/05da6b56-3e66-4306-9ea3-89fafe939726.html">05da6b56-3e66-4306-9ea3-89fafe939726</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/"> <p>CVE-2019-9790: Use-after-free when removing in-use DOM elements</p> <p>CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey</p> <p>CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script</p> <p>CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled</p> <p>CVE-2019-9794: Command line arguments not discarded during execution</p> <p>CVE-2019-9795: Type-confusion in IonMonkey JIT compiler</p> <p>CVE-2019-9796: Use-after-free with SMIL animation controller</p> <p>CVE-2019-9797: Cross-origin theft of images with createImageBitmap</p> <p>CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location</p> <p>CVE-2019-9799: Information disclosure via IPC channel messages</p> <p>CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content</p> <p>CVE-2019-9802: Chrome process information leak</p> <p>CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation</p> <p>CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS</p> <p>CVE-2019-9805: Potential use of uninitialized memory in Prio</p> <p>CVE-2019-9806: Denial of service through successive FTP authorization prompts</p> <p>CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages</p> <p>CVE-2019-9809: Denial of service through FTP modal alert error messages</p> <p>CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs</p> <p>CVE-2019-9789: Memory safety bugs fixed in Firefox 66</p> <p>CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6</p> </blockquote> <br>Discovery 2019-03-19<br>Entry 2019-03-19<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 66.0_3,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.9 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.6.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.6.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.6.0 </blockquote><br> CVE-2019-9788<br> CVE-2019-9789<br> CVE-2019-9790<br> CVE-2019-9791<br> CVE-2019-9792<br> CVE-2019-9793<br> CVE-2019-9794<br> CVE-2019-9795<br> CVE-2019-9796<br> CVE-2019-9797<br> CVE-2019-9798<br> CVE-2019-9799<br> CVE-2019-9801<br> CVE-2019-9802<br> CVE-2019-9803<br> CVE-2019-9804<br> CVE-2019-9805<br> CVE-2019-9806<br> CVE-2019-9807<br> CVE-2019-9808<br> CVE-2019-9809<br> https://www.mozilla.org/security/advisories/mfsa2019-07/<br> https://www.mozilla.org/security/advisories/mfsa2019-08/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2d56c7f4-b354-428f-8f48-38150c607a05.html">2d56c7f4-b354-428f-8f48-38150c607a05</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)</p> <p>MFSA 2015-97 Memory leak in mozTCPSocket to servers</p> <p>MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes</p> <p>MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme</p> <p>MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater</p> <p>MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video</p> <p>MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript</p> <p>MFSA 2015-103 URL spoofing in reader mode</p> <p>MFSA 2015-104 Use-after-free with shared workers and IndexedDB</p> <p>MFSA 2015-105 Buffer overflow while decoding WebM video</p> <p>MFSA 2015-106 Use-after-free while manipulating HTML media content</p> <p>MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems</p> <p>MFSA 2015-108 Scripted proxies can access inner window</p> <p>MFSA 2015-109 JavaScript immutable property enforcement can be bypassed</p> <p>MFSA 2015-110 Dragging and dropping images exposes final URL after redirects</p> <p>MFSA 2015-111 Errors in the handling of CORS preflight request headers</p> <p>MFSA 2015-112 Vulnerabilities found through code inspection</p> <p>MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library</p> <p>MFSA 2015-114 Information disclosure via the High Resolution Time API</p> </blockquote> <br>Discovery 2015-09-22<br>Entry 2015-09-22<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 41.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 41.0,1 </blockquote><br> seamonkey<br> <blockquote>< 2.38 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.38 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.3.0,1 </blockquote><br> libxul<br> <blockquote>< 38.3.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 38.3.0 </blockquote><br> linux-thunderbird<br> <blockquote>< 38.3.0 </blockquote><br> CVE-2015-4476<br> CVE-2015-4500<br> CVE-2015-4501<br> CVE-2015-4502<br> CVE-2015-4503<br> CVE-2015-4504<br> CVE-2015-4505<br> CVE-2015-4506<br> CVE-2015-4507<br> CVE-2015-4508<br> CVE-2015-4509<br> CVE-2015-4510<br> CVE-2015-4512<br> CVE-2015-4516<br> CVE-2015-4517<br> CVE-2015-4519<br> CVE-2015-4520<br> CVE-2015-4521<br> CVE-2015-4522<br> CVE-2015-7174<br> CVE-2015-7175<br> CVE-2015-7176<br> CVE-2015-7177<br> CVE-2015-7178<br> CVE-2015-7179<br> CVE-2015-7180<br> https://www.mozilla.org/security/advisories/mfsa2015-96/<br> https://www.mozilla.org/security/advisories/mfsa2015-97/<br> https://www.mozilla.org/security/advisories/mfsa2015-98/<br> https://www.mozilla.org/security/advisories/mfsa2015-99/<br> https://www.mozilla.org/security/advisories/mfsa2015-100/<br> https://www.mozilla.org/security/advisories/mfsa2015-101/<br> https://www.mozilla.org/security/advisories/mfsa2015-102/<br> https://www.mozilla.org/security/advisories/mfsa2015-103/<br> https://www.mozilla.org/security/advisories/mfsa2015-104/<br> https://www.mozilla.org/security/advisories/mfsa2015-105/<br> https://www.mozilla.org/security/advisories/mfsa2015-106/<br> https://www.mozilla.org/security/advisories/mfsa2015-107/<br> https://www.mozilla.org/security/advisories/mfsa2015-108/<br> https://www.mozilla.org/security/advisories/mfsa2015-109/<br> https://www.mozilla.org/security/advisories/mfsa2015-110/<br> https://www.mozilla.org/security/advisories/mfsa2015-111/<br> https://www.mozilla.org/security/advisories/mfsa2015-112/<br> https://www.mozilla.org/security/advisories/mfsa2015-113/<br> https://www.mozilla.org/security/advisories/mfsa2015-114/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b1f7d52f-fc42-48e8-8403-87d4c9d26229.html">b1f7d52f-fc42-48e8-8403-87d4c9d26229</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/"> <p>CVE-2018-18500: Use-after-free parsing HTML5 stream</p> <p>CVE-2018-18503: Memory corruption with Audio Buffer</p> <p>CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer</p> <p>CVE-2018-18505: Privilege escalation through IPC channel messages</p> <p>CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied</p> <p>CVE-2018-18502: Memory safety bugs fixed in Firefox 65</p> <p>CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5</p> </blockquote> <br>Discovery 2019-01-29<br>Entry 2019-01-29<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 65.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.7 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.5.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.5.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.5.0 </blockquote><br> CVE-2018-18500<br> CVE-2018-18501<br> CVE-2018-18502<br> CVE-2018-18503<br> CVE-2018-18504<br> CVE-2018-18505<br> CVE-2018-18506<br> https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/04b7d46c-7226-11e0-813a-6c626dd55a41.html">04b7d46c-7226-11e0-813a-6c626dd55a41</a></td><td>Mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2011-12 Miscellaneous memory safety hazards</p> <p>MFSA 2011-13 Multiple dangling pointer vulnerabilities</p> <p>MFSA 2011-14 Information stealing via form history</p> <p>MFSA 2011-15 Escalation of privilege through Java Embedding Plugin</p> <p>MFSA 2011-16 Directory traversal in resource: protocol</p> <p>MFSA 2011-17 WebGLES vulnerabilities</p> <p>MFSA 2011-18 XSLT generate-id() function heap address leak</p> </blockquote> <br>Discovery 2011-04-28<br>Entry 2011-04-29<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.6.,1 lt 3.6.17,1</blockquote><br> <blockquote>gt 3.5.,1 lt 3.5.19,1</blockquote><br> <blockquote>gt 4.0.,1 lt 4.0.1,1</blockquote><br> libxul<br> <blockquote>gt 1.9.2. lt 1.9.2.17</blockquote><br> linux-firefox<br> <blockquote>< 3.6.17,1 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.5.19 </blockquote><br> linux-seamonkey<br> <blockquote>gt 2.0.* lt 2.0.14</blockquote><br> seamonkey<br> <blockquote>gt 2.0.* lt 2.0.14</blockquote><br> http://www.mozilla.org/security/announce/2011/mfsa2011-12.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-13.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-14.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-15.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-16.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-17.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-18.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b2f09169-55af-11e0-9d6f-000f20797ede.html">b2f09169-55af-11e0-9d6f-000f20797ede</a></td><td>mozilla -- update to HTTPS certificate blacklist<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2011-11 Update to HTTPS certificate blacklist</p> </blockquote> <br>Discovery 2011-03-22<br>Entry 2011-03-24<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.6.,1 lt 3.6.16,1</blockquote><br> <blockquote>gt 3.5.,1 lt 3.5.18,1</blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 1.9.2.16</blockquote><br> linux-firefox<br> <blockquote>< 3.6.16,1 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.5.18 </blockquote><br> linux-seamonkey<br> <blockquote>gt 2.0.* lt 2.0.13</blockquote><br> seamonkey<br> <blockquote>gt 2.0.* lt 2.0.13</blockquote><br> http://www.mozilla.org/security/announce/2011/mfsa2011-11.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/92d44f83-a7bf-41cf-91ee-3d1b8ecf579f.html">92d44f83-a7bf-41cf-91ee-3d1b8ecf579f</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46"> <p>MFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)</p> <p>MFSA 2016-42 Use-after-free and buffer overflow in Service Workers</p> <p>MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets</p> <p>MFSA 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace</p> <p>MFSA 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions</p> <p>MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch()</p> <p>MFSA 2016-48 Firefox Health Reports could accept events from untrusted domains</p> </blockquote> <br>Discovery 2016-04-26<br>Entry 2016-04-26<br><a href="/www/firefox/">firefox<br> </a>linux-firefox<br> <blockquote>< 46.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.43 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 39.0,1 lt 45.1.0,1</blockquote><br> <blockquote>< 38.8.0,1 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 39.0 lt 45.1.0</blockquote><br> <blockquote>< 38.8.0 </blockquote><br> CVE-2016-2804<br> CVE-2016-2805<br> CVE-2016-2806<br> CVE-2016-2807<br> CVE-2016-2808<br> CVE-2016-2811<br> CVE-2016-2812<br> CVE-2016-2814<br> CVE-2016-2816<br> CVE-2016-2817<br> CVE-2016-2820<br> https://www.mozilla.org/security/advisories/mfsa2016-39/<br> https://www.mozilla.org/security/advisories/mfsa2016-42/<br> https://www.mozilla.org/security/advisories/mfsa2016-44/<br> https://www.mozilla.org/security/advisories/mfsa2016-45/<br> https://www.mozilla.org/security/advisories/mfsa2016-46/<br> https://www.mozilla.org/security/advisories/mfsa2016-47/<br> https://www.mozilla.org/security/advisories/mfsa2016-48/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/f82c85d8-1c6e-11df-abb2-000f20797ede.html">f82c85d8-1c6e-11df-abb2-000f20797ede</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2010-05 XSS hazard using SVG document and binary Content-Type</p> <p>MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain</p> <p>MFSA 2010-03 Use-after-free crash in HTML parser</p> <p>MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability</p> <p>MFSA 2010-01 Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)</p> </blockquote> <br>Discovery 2010-02-17<br>Entry 2010-02-18<br>Modified 2010-02-28<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.5.,1 lt 3.5.8,1</blockquote><br> <blockquote>gt 3.,1 lt 3.0.18,1</blockquote><br> linux-firefox<br> <blockquote>< 3.0.18,1 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.5.8 </blockquote><br> seamonkey<br> <blockquote>gt 2.0.* lt 2.0.3</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>ge 3.0 lt 3.0.2</blockquote><br> CVE-2010-0159<br> CVE-2010-0160<br> CVE-2009-1571<br> CVE-2009-3988<br> CVE-2010-0162<br> http://www.mozilla.org/security/announce/2010/mfsa2010-01.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-02.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-03.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-04.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-05.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/96eca031-1313-4daf-9be2-9d6e1c4f1eb5.html">96eca031-1313-4daf-9be2-9d6e1c4f1eb5</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-03-07<br>Entry 2017-03-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 52.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 46.0,1 lt 52.0,1</blockquote><br> <blockquote>< 45.8.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>ge 46.0,2 lt 52.0,2</blockquote><br> <blockquote>< 45.8.0_1,2 </blockquote><br> libxul<br> <blockquote>ge 46.0 lt 52.0</blockquote><br> <blockquote>< 45.8.0_1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 46.0 lt 52.0</blockquote><br> <blockquote>< 45.8.0 </blockquote><br> CVE-2017-5400<br> CVE-2017-5401<br> CVE-2017-5402<br> CVE-2017-5403<br> CVE-2017-5404<br> CVE-2017-5406<br> CVE-2017-5407<br> CVE-2017-5410<br> CVE-2017-5411<br> CVE-2017-5409<br> CVE-2017-5408<br> CVE-2017-5412<br> CVE-2017-5413<br> CVE-2017-5414<br> CVE-2017-5415<br> CVE-2017-5416<br> CVE-2017-5417<br> CVE-2017-5425<br> CVE-2017-5426<br> CVE-2017-5427<br> CVE-2017-5418<br> CVE-2017-5419<br> CVE-2017-5420<br> CVE-2017-5405<br> CVE-2017-5421<br> CVE-2017-5422<br> CVE-2017-5399<br> CVE-2017-5398<br> https://www.mozilla.org/security/advisories/mfsa2017-05/<br> https://www.mozilla.org/security/advisories/mfsa2017-06/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8.html">1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)</p> <p>MFSA 2014-02 Clone protected content with XBL scopes</p> <p>MFSA 2014-03 UI selection timeout missing on download prompts</p> <p>MFSA 2014-04 Incorrect use of discarded images by RasterImage</p> <p>MFSA 2014-05 Information disclosure with FromPoint on iframes</p> <p>MFSA 2014-06 Profile path leaks to Android system log</p> <p>MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy</p> <p>MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing</p> <p>MFSA 2014-09 Cross-origin information leak through web workers</p> <p>MFSA 2014-10 Firefox default start page UI content invokable by script</p> <p>MFSA 2014-11 Crash when using web workers with asm.js</p> <p>MFSA 2014-12 NSS ticket handling issues</p> <p>MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects</p> </blockquote> <br>Discovery 2014-02-04<br>Entry 2014-02-04<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 25.0,1 lt 27.0,1</blockquote><br> <blockquote>< 24.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 27.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.24 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.3.0 </blockquote><br> seamonkey<br> <blockquote>< 2.24 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.3.0 </blockquote><br> CVE-2014-1477<br> CVE-2014-1478<br> CVE-2014-1479<br> CVE-2014-1480<br> CVE-2014-1481<br> CVE-2014-1482<br> CVE-2014-1483<br> CVE-2014-1484<br> CVE-2014-1485<br> CVE-2014-1486<br> CVE-2014-1487<br> CVE-2014-1488<br> CVE-2014-1489<br> CVE-2014-1490<br> CVE-2014-1491<br> https://www.mozilla.org/security/announce/2014/mfsa2014-01.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-02.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-03.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-04.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-05.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-06.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-07.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-08.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-09.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-10.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-11.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-12.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c66a5632-708a-4727-8236-d65b2d5b2739.html">c66a5632-708a-4727-8236-d65b2d5b2739</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)</p> <p>MFSA 2015-80 Out-of-bounds read with malformed MP3 file</p> <p>MFSA 2015-81 Use-after-free in MediaStream playback</p> <p>MFSA 2015-82 Redefinition of non-configurable JavaScript object properties</p> <p>MFSA 2015-83 Overflow issues in libstagefright</p> <p>MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links</p> <p>MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file</p> <p>MFSA 2015-86 Feed protocol with POST bypasses mixed content protections</p> <p>MFSA 2015-87 Crash when using shared memory in JavaScript</p> <p>MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images</p> <p>MFSA 2015-90 Vulnerabilities found through code inspection</p> <p>MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification</p> <p>MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers</p> </blockquote> <br>Discovery 2015-08-11<br>Entry 2015-08-11<br>Modified 2015-08-22<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 40.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 40.0,1 </blockquote><br> seamonkey<br> <blockquote>ge 2.36 lt 2.37</blockquote><br> <blockquote>< 2.35 </blockquote><br> linux-seamonkey<br> <blockquote>ge 2.36 lt 2.37</blockquote><br> <blockquote>< 2.35 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.2.0,1 </blockquote><br> libxul<br> <blockquote>< 38.2.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 38.2.0 </blockquote><br> linux-thunderbird<br> <blockquote>< 38.2.0 </blockquote><br> CVE-2015-4473<br> CVE-2015-4474<br> CVE-2015-4475<br> CVE-2015-4477<br> CVE-2015-4478<br> CVE-2015-4479<br> CVE-2015-4480<br> CVE-2015-4481<br> CVE-2015-4482<br> CVE-2015-4483<br> CVE-2015-4484<br> CVE-2015-4487<br> CVE-2015-4488<br> CVE-2015-4489<br> CVE-2015-4490<br> CVE-2015-4491<br> CVE-2015-4492<br> CVE-2015-4493<br> https://www.mozilla.org/security/advisories/mfsa2015-79/<br> https://www.mozilla.org/security/advisories/mfsa2015-80/<br> https://www.mozilla.org/security/advisories/mfsa2015-81/<br> https://www.mozilla.org/security/advisories/mfsa2015-82/<br> https://www.mozilla.org/security/advisories/mfsa2015-83/<br> https://www.mozilla.org/security/advisories/mfsa2015-84/<br> https://www.mozilla.org/security/advisories/mfsa2015-85/<br> https://www.mozilla.org/security/advisories/mfsa2015-86/<br> https://www.mozilla.org/security/advisories/mfsa2015-87/<br> https://www.mozilla.org/security/advisories/mfsa2015-88/<br> https://www.mozilla.org/security/advisories/mfsa2015-90/<br> https://www.mozilla.org/security/advisories/mfsa2015-91/<br> https://www.mozilla.org/security/advisories/mfsa2015-92/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2225c5b4-1e5a-44fc-9920-b3201c384a15.html">2225c5b4-1e5a-44fc-9920-b3201c384a15</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45"> <p>MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)</p> <p>MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports</p> <p>MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages</p> <p>MFSA 2016-19 Linux video memory DOS with Intel drivers</p> <p>MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing</p> <p>MFSA 2016-21 Displayed page address can be overridden</p> <p>MFSA 2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager</p> <p>MFSA 2016-23 Use-after-free in HTML5 string parser</p> <p>MFSA 2016-24 Use-after-free in SetBody</p> <p>MFSA 2016-25 Use-after-free when using multiple WebRTC data channels</p> <p>MFSA 2016-26 Memory corruption when modifying a file being read by FileReader</p> <p>MFSA 2016-27 Use-after-free during XML transformations</p> <p>MFSA 2016-28 Addressbar spoofing though history navigation and Location protocol property</p> <p>MFSA 2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore</p> <p>MFSA 2016-31 Memory corruption with malicious NPAPI plugin</p> <p>MFSA 2016-32 WebRTC and LibVPX vulnerabilities found through code inspection</p> <p>MFSA 2016-33 Use-after-free in GetStaticInstance in WebRTC</p> <p>MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation</p> </blockquote> <br>Discovery 2016-03-08<br>Entry 2016-03-08<br>Modified 2016-03-08<br><a href="/www/firefox/">firefox<br> </a>linux-firefox<br> <blockquote>< 45.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.42 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.7.0,1 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 38.7.0 </blockquote><br> CVE-2016-1952<br> CVE-2016-1953<br> CVE-2016-1954<br> CVE-2016-1955<br> CVE-2016-1956<br> CVE-2016-1957<br> CVE-2016-1958<br> CVE-2016-1959<br> CVE-2016-1960<br> CVE-2016-1961<br> CVE-2016-1962<br> CVE-2016-1963<br> CVE-2016-1964<br> CVE-2016-1965<br> CVE-2016-1966<br> CVE-2016-1967<br> CVE-2016-1970<br> CVE-2016-1971<br> CVE-2016-1972<br> CVE-2016-1973<br> CVE-2016-1974<br> CVE-2016-1975<br> CVE-2016-1976<br> https://www.mozilla.org/security/advisories/mfsa2016-16/<br> https://www.mozilla.org/security/advisories/mfsa2016-17/<br> https://www.mozilla.org/security/advisories/mfsa2016-18/<br> https://www.mozilla.org/security/advisories/mfsa2016-19/<br> https://www.mozilla.org/security/advisories/mfsa2016-20/<br> https://www.mozilla.org/security/advisories/mfsa2016-21/<br> https://www.mozilla.org/security/advisories/mfsa2016-22/<br> https://www.mozilla.org/security/advisories/mfsa2016-23/<br> https://www.mozilla.org/security/advisories/mfsa2016-24/<br> https://www.mozilla.org/security/advisories/mfsa2016-25/<br> https://www.mozilla.org/security/advisories/mfsa2016-26/<br> https://www.mozilla.org/security/advisories/mfsa2016-27/<br> https://www.mozilla.org/security/advisories/mfsa2016-28/<br> https://www.mozilla.org/security/advisories/mfsa2016-29/<br> https://www.mozilla.org/security/advisories/mfsa2016-31/<br> https://www.mozilla.org/security/advisories/mfsa2016-32/<br> https://www.mozilla.org/security/advisories/mfsa2016-33/<br> https://www.mozilla.org/security/advisories/mfsa2016-34/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5aefc41e-d304-4ec8-8c82-824f84f08244.html">5aefc41e-d304-4ec8-8c82-824f84f08244</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/"> <p>CVE-2018-5183: Backport critical security fixes in Skia</p> <p>CVE-2018-5154: Use-after-free with SVG animations and clip paths</p> <p>CVE-2018-5155: Use-after-free with SVG animations and text paths</p> <p>CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files</p> <p>CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer</p> <p>CVE-2018-5159: Integer overflow and out-of-bounds write in Skia</p> <p>CVE-2018-5160: Uninitialized memory use by WebRTC encoder</p> <p>CVE-2018-5152: WebExtensions information leak through webRequest API</p> <p>CVE-2018-5153: Out-of-bounds read in mixed content websocket messages</p> <p>CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache</p> <p>CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace</p> <p>CVE-2018-5166: WebExtension host permission bypass through filterReponseData</p> <p>CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger</p> <p>CVE-2018-5168: Lightweight themes can be installed without user interaction</p> <p>CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages</p> <p>CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer</p> <p>CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters</p> <p>CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update</p> <p>CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies</p> <p>CVE-2018-5176: JSON Viewer script injection</p> <p>CVE-2018-5177: Buffer overflow in XSLT during number formatting</p> <p>CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox</p> <p>CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension</p> <p>CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced</p> <p>CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink</p> <p>CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar</p> <p>CVE-2018-5151: Memory safety bugs fixed in Firefox 60</p> <p>CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8</p> </blockquote> <br>Discovery 2018-05-09<br>Entry 2018-05-09<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 60.0,1 </blockquote><br> waterfox<br> <blockquote>< 56.1.0_18 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.4 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.8.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.8.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.8.0 </blockquote><br> CVE-2018-5150<br> CVE-2018-5151<br> CVE-2018-5152<br> CVE-2018-5153<br> CVE-2018-5154<br> CVE-2018-5155<br> CVE-2018-5157<br> CVE-2018-5158<br> CVE-2018-5159<br> CVE-2018-5160<br> CVE-2018-5163<br> CVE-2018-5164<br> CVE-2018-5165<br> CVE-2018-5166<br> CVE-2018-5167<br> CVE-2018-5168<br> CVE-2018-5169<br> CVE-2018-5172<br> CVE-2018-5173<br> CVE-2018-5174<br> CVE-2018-5175<br> CVE-2018-5176<br> CVE-2018-5177<br> CVE-2018-5178<br> CVE-2018-5180<br> CVE-2018-5181<br> CVE-2018-5182<br> CVE-2018-5183<br> https://www.mozilla.org/security/advisories/mfsa2018-11/<br> https://www.mozilla.org/security/advisories/mfsa2018-12/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2b8cad90-f289-11e1-a215-14dae9ebcf89.html">2b8cad90-f289-11e1-a215-14dae9ebcf89</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)</p> <p>MFSA 2012-58 Use-after-free issues found using Address Sanitizer</p> <p>MFSA 2012-59 Location object can be shadowed using Object.defineProperty</p> <p>MFSA 2012-60 Escalation of privilege through about:newtab</p> <p>MFSA 2012-61 Memory corruption with bitmap format images with negative height</p> <p>MFSA 2012-62 WebGL use-after-free and memory corruption</p> <p>MFSA 2012-63 SVG buffer overflow and use-after-free issues</p> <p>MFSA 2012-64 Graphite 2 memory corruption</p> <p>MFSA 2012-65 Out-of-bounds read in format-number in XSLT</p> <p>MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation</p> <p>MFSA 2012-67 Installer will launch incorrect executable following new installation</p> <p>MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html</p> <p>MFSA 2012-69 Incorrect site SSL certificate data display</p> <p>MFSA 2012-70 Location object security checks bypassed by chrome code</p> <p>MFSA 2012-71 Insecure use of __android_log_print</p> <p>MFSA 2012-72 Web console eval capable of executing chrome-privileged code</p> </blockquote> <br>Discovery 2012-08-28<br>Entry 2012-08-30<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 15.0,1</blockquote><br> <blockquote>< 10.0.7,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.7,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.12 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.7 </blockquote><br> seamonkey<br> <blockquote>< 2.12 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 15.0</blockquote><br> <blockquote>< 10.0.7 </blockquote><br> libxul<br> <blockquote>gt 1.9.2. lt 10.0.7</blockquote><br> CVE-2012-1956<br> CVE-2012-1970<br> CVE-2012-1971<br> CVE-2012-1972<br> CVE-2012-1973<br> CVE-2012-1974<br> CVE-2012-1975<br> CVE-2012-1976<br> CVE-2012-3956<br> CVE-2012-3957<br> CVE-2012-3958<br> CVE-2012-3959<br> CVE-2012-3960<br> CVE-2012-3961<br> CVE-2012-3962<br> CVE-2012-3963<br> CVE-2012-3964<br> CVE-2012-3965<br> CVE-2012-3966<br> CVE-2012-3967<br> CVE-2012-3968<br> CVE-2012-3969<br> CVE-2012-3970<br> CVE-2012-3971<br> CVE-2012-3972<br> CVE-2012-3973<br> CVE-2012-3974<br> CVE-2012-3975<br> CVE-2012-3976<br> CVE-2012-3978<br> CVE-2012-3979<br> CVE-2012-3980<br> http://www.mozilla.org/security/known-vulnerabilities/<br> http://www.mozilla.org/security/announce/2012/mfsa2012-57.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-58.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-59.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-60.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-61.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-62.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-63.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-64.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-65.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-66.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-67.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-68.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-69.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-70.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-71.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-72.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c96d416a-eae7-4d5d-bc84-40deca9329fb.html">c96d416a-eae7-4d5d-bc84-40deca9329fb</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/"> <p>CVE-2018-12377: Use-after-free in refresh driver timers</p> <p>CVE-2018-12378: Use-after-free in IndexedDB</p> <p>CVE-2018-12379: Out-of-bounds write with malicious MAR file</p> <p>CVE-2017-16541: Proxy bypass using automount and autofs</p> <p>CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation</p> <p>CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android</p> <p>CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords</p> <p>CVE-2018-12375: Memory safety bugs fixed in Firefox 62</p> <p>CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2</p> </blockquote> <br>Discovery 2018-09-05<br>Entry 2018-09-05<br>Modified 2018-09-15<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 62.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.5 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.2.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.2.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.2 </blockquote><br> CVE-2017-16541<br> CVE-2018-12375<br> CVE-2018-12376<br> CVE-2018-12377<br> CVE-2018-12378<br> CVE-2018-12379<br> CVE-2018-12381<br> CVE-2018-12382<br> CVE-2018-12383<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c4f39920-781f-4aeb-b6af-17ed566c4272.html">c4f39920-781f-4aeb-b6af-17ed566c4272</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/"> <h1>CVE-2018-12386: Type confusion in JavaScript</h1> <p>A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.</p> <h1>CVE-2018-12387: </h1> <p>A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.</p> </blockquote> <br>Discovery 2018-10-02<br>Entry 2018-10-02<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 62.0.3,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.4 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.2.2,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.2.2,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.2.2 </blockquote><br> CVE-2018-12386<br> CVE-2018-12387<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b3fcb387-de4b-11e2-b1c6-0025905a4771.html">b3fcb387-de4b-11e2-b1c6-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)</p> <p>Title: Memory corruption found using Address Sanitizer</p> <p>Privileged content access and execution via XBL</p> <p>Arbitrary code execution within Profiler</p> <p>Execution of unmapped memory through onreadystatechange</p> <p>Data in the body of XHR HEAD requests leads to CSRF attacks</p> <p>SVG filters can lead to information disclosure</p> <p>PreserveWrapper has inconsistent behavior</p> <p>Sandbox restrictions not applied to nested frame elements</p> <p>X-Frame-Options ignored when using server push with multi-part responses</p> <p>XrayWrappers can be bypassed to run user defined methods in a privileged context</p> <p>getUserMedia permission dialog incorrectly displays location</p> <p>Homograph domain spoofing in .com, .net and .name</p> <p>Inaccessible updater can lead to local privilege escalation</p> </blockquote> <br>Discovery 2013-06-25<br>Entry 2013-06-26<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 22.0,1</blockquote><br> <blockquote>< 17.0.7,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.7,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.19 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.7 </blockquote><br> seamonkey<br> <blockquote>< 2.19 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.7</blockquote><br> CVE-2013-1682<br> CVE-2013-1683<br> CVE-2013-1684<br> CVE-2013-1685<br> CVE-2013-1686<br> CVE-2013-1687<br> CVE-2013-1688<br> CVE-2013-1690<br> CVE-2013-1692<br> CVE-2013-1693<br> CVE-2013-1694<br> CVE-2013-1695<br> CVE-2013-1696<br> CVE-2013-1697<br> CVE-2013-1698<br> CVE-2013-1699<br> CVE-2013-1700<br> http://www.mozilla.org/security/announce/2013/mfsa2013-49.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-50.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-51.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-52.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-53.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-54.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-55.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-56.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-57.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-58.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-59.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-60.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-61.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-62.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d0c97697-df2c-4b8b-bff2-cec24dc35af8.html">d0c97697-df2c-4b8b-bff2-cec24dc35af8</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> <p>MFSA-2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)</p> <p>MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin</p> <p>MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack</p> <p>MFSA-2015-33 resource:// documents can load privileged pages</p> <p>MFSA-2015-34 Out of bounds read in QCMS library</p> <p>MFSA-2015-35 Cursor clickjacking with flash and images</p> <p>MFSA-2015-36 Incorrect memory management for simple-type arrays in WebRTC</p> <p>MFSA-2015-37 CORS requests should not follow 30x redirections after preflight</p> <p>MFSA-2015-38 Memory corruption crashes in Off Main Thread Compositing</p> <p>MFSA-2015-39 Use-after-free due to type confusion flaws</p> <p>MFSA-2015-40 Same-origin bypass through anchor navigation</p> <p>MFSA-2015-41 PRNG weakness allows for DNS poisoning on Android</p> <p>MFSA-2015-42 Windows can retain access to privileged content on navigation to unprivileged pages</p> </blockquote> <br>Discovery 2015-03-31<br>Entry 2015-03-31<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 37.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.6.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 37.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.34 </blockquote><br> linux-thunderbird<br> <blockquote>< 31.6.0 </blockquote><br> seamonkey<br> <blockquote>< 2.34 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.6.0 </blockquote><br> libxul<br> <blockquote>< 31.6.0 </blockquote><br> CVE-2012-2808<br> CVE-2015-0800<br> CVE-2015-0801<br> CVE-2015-0802<br> CVE-2015-0803<br> CVE-2015-0804<br> CVE-2015-0805<br> CVE-2015-0806<br> CVE-2015-0807<br> CVE-2015-0808<br> CVE-2015-0810<br> CVE-2015-0811<br> CVE-2015-0812<br> CVE-2015-0813<br> CVE-2015-0814<br> CVE-2015-0815<br> CVE-2015-0816<br> https://www.mozilla.org/security/advisories/mfsa2015-30/<br> https://www.mozilla.org/security/advisories/mfsa2015-31/<br> https://www.mozilla.org/security/advisories/mfsa2015-32/<br> https://www.mozilla.org/security/advisories/mfsa2015-33/<br> https://www.mozilla.org/security/advisories/mfsa2015-34/<br> https://www.mozilla.org/security/advisories/mfsa2015-35/<br> https://www.mozilla.org/security/advisories/mfsa2015-36/<br> https://www.mozilla.org/security/advisories/mfsa2015-37/<br> https://www.mozilla.org/security/advisories/mfsa2015-38/<br> https://www.mozilla.org/security/advisories/mfsa2015-39/<br> https://www.mozilla.org/security/advisories/mfsa2015-40/<br> https://www.mozilla.org/security/advisories/mfsa2015-41/<br> https://www.mozilla.org/security/advisories/mfsa2015-42/<br> https://www.mozilla.org/security/advisories/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/44b6dfbf-4ef7-4d52-ad52-2b1b05d81272.html">44b6dfbf-4ef7-4d52-ad52-2b1b05d81272</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/"> <p>CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS</p> <p>CVE-2019-9816: Type confusion with object groups and UnboxedObjects</p> <p>CVE-2019-9817: Stealing of cross-domain images using canvas</p> <p>CVE-2019-9818: Use-after-free in crash generation server</p> <p>CVE-2019-9819: Compartment mismatch with fetch API</p> <p>CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell</p> <p>CVE-2019-9821: Use-after-free in AssertWorkerThread</p> <p>CVE-2019-11691: Use-after-free in XMLHttpRequest</p> <p>CVE-2019-11692: Use-after-free removing listeners in the event listener manager</p> <p>CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux</p> <p>CVE-2019-7317: Use-after-free in png_image_free of libpng library</p> <p>CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox</p> <p>CVE-2019-11695: Custom cursor can render over user interface outside of web content</p> <p>CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts</p> <p>CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions</p> <p>CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks</p> <p>CVE-2019-11700: res: protocol can be used to open known local files</p> <p>CVE-2019-11699: Incorrect domain name highlighting during page navigation</p> <p>CVE-2019-11701: webcal: protocol default handler loads vulnerable web page</p> <p>CVE-2019-9814: Memory safety bugs fixed in Firefox 67</p> <p>CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7</p> </blockquote> <br>Discovery 2019-05-21<br>Entry 2019-05-22<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 67.0,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.10 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.7.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.7.0 </blockquote><br> CVE-2019-9815<br> CVE-2019-9816<br> CVE-2019-9817<br> CVE-2019-9818<br> CVE-2019-9819<br> CVE-2019-9820<br> CVE-2019-9821<br> CVE-2019-11691<br> CVE-2019-11692<br> CVE-2019-11693<br> CVE-2019-7317<br> CVE-2019-11694<br> CVE-2019-11695<br> CVE-2019-11696<br> CVE-2019-11697<br> CVE-2019-11698<br> CVE-2019-11700<br> CVE-2019-11699<br> CVE-2019-11701<br> CVE-2019-9814<br> CVE-2019-9800<br> https://www.mozilla.org/security/advisories/mfsa2019-13/<br> https://www.mozilla.org/security/advisories/mfsa2019-14/<br> https://www.mozilla.org/security/advisories/mfsa2019-15/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/aa5bc971-d635-11e0-b3cf-080027ef73ec.html">aa5bc971-d635-11e0-b3cf-080027ef73ec</a></td><td>nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl<br> <p>Heather Adkins, Google's Information Security Manager, reported that Google received</p> <blockquote cite="http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html"> <p>[...] reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it). [...]</p> </blockquote> <p>VASCO Data Security International Inc., owner of DigiNotar, issued a press statement confirming this incident:</p> <blockquote cite="http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx"> <p>On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com. [...] an external security audit concluded that all fraudulently issued certificates were revoked. Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. [...]</p> </blockquote> <p>Mozilla, maintainer of the NSS package, from which FreeBSD derived ca_root_nss, stated that they:</p> <blockquote cite="https://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/"> <p>revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted root program. Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort. </p><p>Three central issues informed our decision:</p> <ol><li>Failure to notify. [...]</li> <li>The scope of the breach remains unknown. [...]</li> <li>The attack is not theoretical.</li></ol> </blockquote> <br>Discovery 2011-07-19<br>Entry 2011-09-03<br>Modified 2011-09-06<br><a href="/security/nss/">nss<br> </a><blockquote>< 3.12.11 </blockquote><br> <a href="/security/ca_root_nss/">ca_root_nss<br> </a><blockquote>< 3.12.11 </blockquote><br> <a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.6.,1 lt 3.6.22,1</blockquote><br> <blockquote>gt 4.0.,1 lt 6.0.2,1</blockquote><br> seamonkey<br> <blockquote>< 2.3.2 </blockquote><br> linux-firefox<br> <blockquote>< 3.6.22,1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 3.1.* lt 3.1.14</blockquote><br> <blockquote>gt 5.0.* lt 6.0.2</blockquote><br> linux-thunderbird<br> <blockquote>< 3.1.14 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.3.2 </blockquote><br> http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx<br> http://www.mozilla.org/security/announce/2011/mfsa2011-34.html<br> http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d1853110-07f4-4645-895b-6fd462ad0589.html">d1853110-07f4-4645-895b-6fd462ad0589</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2016-11-15<br>Entry 2016-11-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 50.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.47 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.5.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.5.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.5.0 </blockquote><br> CVE-2016-5289<br> CVE-2016-5290<br> CVE-2016-5291<br> CVE-2016-5292<br> CVE-2016-5293<br> CVE-2016-5294<br> CVE-2016-5295<br> CVE-2016-5296<br> CVE-2016-5297<br> CVE-2016-5298<br> CVE-2016-5299<br> CVE-2016-9061<br> CVE-2016-9062<br> CVE-2016-9063<br> CVE-2016-9064<br> CVE-2016-9065<br> CVE-2016-9066<br> CVE-2016-9067<br> CVE-2016-9068<br> CVE-2016-9070<br> CVE-2016-9071<br> CVE-2016-9072<br> CVE-2016-9073<br> CVE-2016-9074<br> CVE-2016-9075<br> CVE-2016-9076<br> CVE-2016-9077<br> https://www.mozilla.org/security/advisories/mfsa2016-89/<br> https://www.mozilla.org/security/advisories/mfsa2016-90/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/512c0ffd-cd39-4da4-b2dc-81ff4ba8e238.html">512c0ffd-cd39-4da4-b2dc-81ff4ba8e238</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/"> <p>CVE-2016-9894: Buffer overflow in SkiaGL</p> <p>CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements</p> <p>CVE-2016-9895: CSP bypass using marquee tag</p> <p>CVE-2016-9896: Use-after-free with WebVR</p> <p>CVE-2016-9897: Memory corruption in libGLES</p> <p>CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees</p> <p>CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs</p> <p>CVE-2016-9904: Cross-origin information leak in shared atoms</p> <p>CVE-2016-9901: Data from Pocket server improperly sanitized before execution</p> <p>CVE-2016-9902: Pocket extension does not validate the origin of events</p> <p>CVE-2016-9903: XSS injection vulnerability in add-ons SDK</p> <p>CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1</p> <p>CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6</p> </blockquote> <br>Discovery 2016-12-13<br>Entry 2016-12-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 50.1.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.47 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.6.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.6.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.6.0 </blockquote><br> CVE-2016-9894<br> CVE-2016-9899<br> CVE-2016-9895<br> CVE-2016-9896<br> CVE-2016-9897<br> CVE-2016-9898<br> CVE-2016-9900<br> CVE-2016-9904<br> CVE-2016-9901<br> CVE-2016-9902<br> CVE-2016-9903<br> CVE-2016-9080<br> CVE-2016-9893<br> https://www.mozilla.org/security/advisories/mfsa2016-94/<br> https://www.mozilla.org/security/advisories/mfsa2016-95/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7943794f-707f-4e31-9fea-3bbf1ddcedc1.html">7943794f-707f-4e31-9fea-3bbf1ddcedc1</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/"> <h1>CVE-2018-5146: Out of bounds memory write in libvorbis</h1> <p>An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.</p> <h1>CVE-2018-5147: Out of bounds memory write in libtremor</h1> <p>The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.</p> </blockquote> <br>Discovery 2018-03-16<br>Entry 2018-03-16<br>Modified 2018-03-31<br><a href="/audio/libvorbis/">libvorbis<br> </a><blockquote>< 1.3.6,3 </blockquote><br> libtremor<br> <blockquote>< 1.2.1.s20180316 </blockquote><br> <a href="/www/firefox/">firefox<br> </a><blockquote>< 59.0.1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.4.36_3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.3 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.7.2,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.7.2,2 </blockquote><br> libxul<br> <blockquote>< 52.7.3 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.7.0 </blockquote><br> CVE-2018-5146<br> CVE-2018-5147<br> https://www.mozilla.org/security/advisories/mfsa2018-08/<br> https://www.mozilla.org/security/advisories/mfsa2018-09/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/dd116b19-64b3-11e3-868f-0025905a4771.html">dd116b19-64b3-11e3-868f-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-116 JPEG information leak</p> <p>MFSA 2013-105 Application Installation doorhanger persists on navigation</p> <p>MFSA 2013-106 Character encoding cross-origin XSS attack</p> <p>MFSA 2013-107 Sandbox restrictions not applied to nested object elements</p> <p>MFSA 2013-108 Use-after-free in event listeners</p> <p>MFSA 2013-109 Use-after-free during Table Editing</p> <p>MFSA 2013-110 Potential overflow in JavaScript binary search algorithms</p> <p>MFSA 2013-111 Segmentation violation when replacing ordered list elements</p> <p>MFSA 2013-112 Linux clipboard information disclosure though selection paste</p> <p>MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation</p> <p>MFSA 2013-114 Use-after-free in synthetic mouse movement</p> <p>MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets</p> <p>MFSA 2013-116 JPEG information leak</p> <p>MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate</p> </blockquote> <br>Discovery 2013-12-09<br>Entry 2013-12-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 25.0,1 lt 26.0,1</blockquote><br> <blockquote>< 24.2.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 26.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.23 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.2.0 </blockquote><br> seamonkey<br> <blockquote>< 2.23 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.2.0 </blockquote><br> CVE-2013-5609<br> CVE-2013-5610<br> CVE-2013-5611<br> CVE-2013-5612<br> CVE-2013-5613<br> CVE-2013-5614<br> CVE-2013-5615<br> CVE-2013-5616<br> CVE-2013-5618<br> CVE-2013-5619<br> CVE-2013-6629<br> CVE-2013-6630<br> CVE-2013-6671<br> CVE-2013-6672<br> CVE-2013-6673<br> https://www.mozilla.org/security/announce/2013/mfsa2013-104.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-105.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-106.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-107.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-108.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-109.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-110.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-111.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-112.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-113.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-114.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-115.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-116.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-117.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0a9e2b72-4cb7-11e1-9146-14dae9ebcf89.html">0a9e2b72-4cb7-11e1-9146-14dae9ebcf89</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)</p> <p>MFSA 2012-02 Overly permissive IPv6 literal syntax</p> <p>MFSA 2012-03 iframe element exposed across domains via name attribute</p> <p>MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes</p> <p>MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks</p> <p>MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure</p> <p>MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files</p> <p>MFSA 2012-08 Crash with malformed embedded XSLT stylesheets</p> <p>MFSA 2012-09 Firefox Recovery Key.html is saved with unsafe permission</p> </blockquote> <br>Discovery 2012-01-31<br>Entry 2012-02-01<br>Modified 2012-03-18<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 4.0,1 lt 10.0,1</blockquote><br> <blockquote>ge 3.6.,1 lt 3.6.26</blockquote><br> linux-firefox<br> <blockquote>< 10.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.7 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0 </blockquote><br> seamonkey<br> <blockquote>< 2.7 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 4.0 lt 10.0</blockquote><br> <blockquote>gt 3.1. lt 3.1.18</blockquote><br> CVE-2012-0442<br> CVE-2012-0443<br> CVE-2011-3670<br> CVE-2012-0445<br> CVE-2011-3659<br> CVE-2012-0446<br> CVE-2012-0447<br> CVE-2012-0449<br> CVE-2012-0450<br> http://www.mozilla.org/security/announce/2012/mfsa2012-01.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-02.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-03.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-04.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-05.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-06.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-07.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-08.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-09.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1bcfd963-e483-41b8-ab8e-bad5c3ce49c9.html">1bcfd963-e483-41b8-ab8e-bad5c3ce49c9</a></td><td>brotli -- buffer overflow<br> <p>Google Chrome Releases reports:</p> <blockquote cite="http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html"> <p>[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.</p> </blockquote> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/"> <p>Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.</p> </blockquote> <br>Discovery 2016-02-08<br>Entry 2016-03-08<br>Modified 2016-03-08<br><a href="/archivers/brotli/">brotli<br> </a><blockquote>ge 0.3.0 lt 0.3.0_1</blockquote><br> <blockquote>< 0.2.0_2 </blockquote><br> libbrotli<br> <blockquote>< 0.3.0_3 </blockquote><br> <a href="/www/chromium/">chromium<br> </a>chromium-npapi<br> chromium-pulse<br> <blockquote>< 48.0.2564.109 </blockquote><br> <a href="/www/firefox/">firefox<br> </a>linux-firefox<br> <blockquote>< 45.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.42 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.7.0,1 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 38.7.0 </blockquote><br> CVE-2016-1624<br> CVE-2016-1968<br> https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade<br> https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/<br> https://www.mozilla.org/security/advisories/mfsa2016-30/<br> https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html">a4ed6632-5aa9-11e2-8fcb-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)</p> <p>MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer</p> <p>MFSA 2013-03 Buffer Overflow in Canvas</p> <p>MFSA 2013-04 URL spoofing in addressbar during page loads</p> <p>MFSA 2013-05 Use-after-free when displaying table with many columns and column groups</p> <p>MFSA 2013-06 Touch events are shared across iframes</p> <p>MFSA 2013-07 Crash due to handling of SSL on threads</p> <p>MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection</p> <p>MFSA 2013-09 Compartment mismatch with quickstubs returned values</p> <p>MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy</p> <p>MFSA 2013-11 Address space layout leaked in XBL objects</p> <p>MFSA 2013-12 Buffer overflow in Javascript string concatenation</p> <p>MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG</p> <p>MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype</p> <p>MFSA 2013-15 Privilege escalation through plugin objects</p> <p>MFSA 2013-16 Use-after-free in serializeToStream</p> <p>MFSA 2013-17 Use-after-free in ListenerManager</p> <p>MFSA 2013-18 Use-after-free in Vibrate</p> <p>MFSA 2013-19 Use-after-free in Javascript Proxy objects</p> <p>MFSA 2013-20 Mis-issued TURKTRUST certificates</p> </blockquote> <br>Discovery 2013-01-08<br>Entry 2013-01-09<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 17.0.2,1</blockquote><br> <blockquote>< 10.0.12,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.2,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.15 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.2 </blockquote><br> seamonkey<br> <blockquote>< 2.15 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.2</blockquote><br> <blockquote>< 10.0.12 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.12</blockquote><br> <a href="/security/ca_root_nss/">ca_root_nss<br> </a><blockquote>< 3.14.1 </blockquote><br> CVE-2012-5829<br> CVE-2013-0743<br> CVE-2013-0744<br> CVE-2013-0745<br> CVE-2013-0746<br> CVE-2013-0747<br> CVE-2013-0748<br> CVE-2013-0749<br> CVE-2013-0750<br> CVE-2013-0751<br> CVE-2013-0752<br> CVE-2013-0753<br> CVE-2013-0754<br> CVE-2013-0755<br> CVE-2013-0756<br> CVE-2013-0757<br> CVE-2013-0758<br> CVE-2013-0759<br> CVE-2013-0760<br> CVE-2013-0761<br> CVE-2013-0762<br> CVE-2013-0763<br> CVE-2013-0764<br> CVE-2013-0766<br> CVE-2013-0767<br> CVE-2013-0768<br> CVE-2013-0769<br> CVE-2013-0770<br> CVE-2013-0771<br> http://www.mozilla.org/security/announce/2013/mfsa2013-01.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-02.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-03.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-04.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-05.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-06.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-07.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-08.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-09.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-10.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-11.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-12.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-13.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-14.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-15.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-16.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-17.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-18.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-19.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-20.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html">9c1495ac-8d8c-4789-a0f3-8ca6b476619c</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)</p> <p>MFSA 2014-75 Buffer overflow during CSS manipulation</p> <p>MFSA 2014-76 Web Audio memory corruption issues with custom waveforms</p> <p>MFSA 2014-78 Further uninitialized memory use during GIF</p> <p>MFSA 2014-79 Use-after-free interacting with text directionality</p> <p>MFSA 2014-80 Key pinning bypasses</p> <p>MFSA 2014-81 Inconsistent video sharing within iframe</p> <p>MFSA 2014-82 Accessing cross-origin objects via the Alarms API</p> </blockquote> <br>Discovery 2014-10-14<br>Entry 2014-10-14<br>Modified 2015-08-12<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 33.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.2.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 33.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.30 </blockquote><br> linux-thunderbird<br> <blockquote>< 31.2.0 </blockquote><br> seamonkey<br> <blockquote>< 2.30 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.2.0 </blockquote><br> libxul<br> <blockquote>< 31.2.0 </blockquote><br> CVE-2014-1575<br> CVE-2014-1574<br> CVE-2014-1576<br> CVE-2014-1577<br> CVE-2014-1580<br> CVE-2014-1581<br> CVE-2014-1582<br> CVE-2014-1583<br> CVE-2014-1584<br> CVE-2014-1585<br> CVE-2014-1586<br> https://www.mozilla.org/security/announce/2014/mfsa2014-74.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-75.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-76.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-78.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-79.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-80.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-81.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-82.html<br> https://www.mozilla.org/security/announce/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d23119df-335d-11e2-b64c-c8600054b392.html">d23119df-335d-11e2-b64c-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)</p> <p>MFSA 2012-92 Buffer overflow while rendering GIF images</p> <p>MFSA 2012-93 evalInSanbox location context incorrectly applied</p> <p>MFSA 2012-94 Crash when combining SVG text on path with CSS</p> <p>MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page</p> <p>MFSA 2012-96 Memory corruption in str_unescape</p> <p>MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox</p> <p>MFSA 2012-98 Firefox installer DLL hijacking</p> <p>MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment</p> <p>MFSA 2012-100 Improper security filtering for cross-origin wrappers</p> <p>MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset</p> <p>MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges</p> <p>MFSA 2012-103 Frames can shadow top.location</p> <p>MFSA 2012-104 CSS and HTML injection through Style Inspector</p> <p>MFSA 2012-105 Use-after-free and buffer overflow issues found</p> <p>MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer</p> </blockquote> <br>Discovery 2012-11-20<br>Entry 2012-11-20<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 17.0,1</blockquote><br> <blockquote>< 10.0.11,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.11,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.14 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.11 </blockquote><br> seamonkey<br> <blockquote>< 2.14 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0</blockquote><br> <blockquote>< 10.0.11 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.11</blockquote><br> CVE-2012-4201<br> CVE-2012-4202<br> CVE-2012-4203<br> CVE-2012-4204<br> CVE-2012-4205<br> CVE-2012-4206<br> CVE-2012-4207<br> CVE-2012-4208<br> CVE-2012-4209<br> CVE-2012-4210<br> CVE-2012-4212<br> CVE-2012-4213<br> CVE-2012-4214<br> CVE-2012-4215<br> CVE-2012-4216<br> CVE-2012-4217<br> CVE-2012-4218<br> CVE-2012-5829<br> CVE-2012-5830<br> CVE-2012-5833<br> CVE-2012-5835<br> CVE-2012-5836<br> CVE-2012-5837<br> CVE-2012-5838<br> CVE-2012-5839<br> CVE-2012-5840<br> CVE-2012-5841<br> CVE-2012-5842<br> CVE-2012-5843<br> http://www.mozilla.org/security/announce/2012/mfsa2012-90.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-91.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-92.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-93.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-94.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-95.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-96.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-97.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-98.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-99.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-100.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-101.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-102.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-103.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-104.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-105.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-106.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/6e5a9afd-12d3-11e2-b47d-c8600054b392.html">6e5a9afd-12d3-11e2-b47d-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p> MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)</p> <p>MFSA 2012-75 select element persistance allows for attacks</p> <p>MFSA 2012-76 Continued access to initial origin after setting document.domain</p> <p>MFSA 2012-77 Some DOMWindowUtils methods bypass security checks</p> <p>MFSA 2012-78 Reader Mode pages have chrome privileges</p> <p>MFSA 2012-79 DOS and crash with full screen and history navigation</p> <p>MFSA 2012-80 Crash with invalid cast when using instanceof operator</p> <p>MFSA 2012-81 GetProperty function can bypass security checks</p> <p>MFSA 2012-82 top object and location property accessible by plugins</p> <p>MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties</p> <p>MFSA 2012-84 Spoofing and script injection through location.hash</p> <p>MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer</p> <p>MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer</p> <p>MFSA 2012-87 Use-after-free in the IME State Manager</p> <p>MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)</p> <p>MFSA 2012-89 defaultValue security checks not applied</p> </blockquote> <br>Discovery 2012-10-09<br>Entry 2012-10-10<br>Modified 2012-10-11<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 16.0.1,1</blockquote><br> <blockquote>< 10.0.9,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.9,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.13.1 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.9 </blockquote><br> seamonkey<br> <blockquote>< 2.13.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 16.0.1</blockquote><br> <blockquote>< 10.0.9 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.9</blockquote><br> CVE-2012-3982<br> CVE-2012-3983<br> CVE-2012-3984<br> CVE-2012-3985<br> CVE-2012-3986<br> CVE-2012-3987<br> CVE-2012-3988<br> CVE-2012-3989<br> CVE-2012-3990<br> CVE-2012-3991<br> CVE-2012-3992<br> CVE-2012-3993<br> CVE-2012-3994<br> CVE-2012-3995<br> CVE-2012-4179<br> CVE-2012-4180<br> CVE-2012-4181<br> CVE-2012-4182<br> CVE-2012-4183<br> CVE-2012-4184<br> CVE-2012-4186<br> CVE-2012-4187<br> CVE-2012-4188<br> CVE-2012-4190<br> CVE-2012-4191<br> CVE-2012-4192<br> CVE-2012-4193<br> http://www.mozilla.org/security/known-vulnerabilities/<br> http://www.mozilla.org/security/announce/2012/mfsa2012-74.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-75.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-76.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-77.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-78.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-79.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-80.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-81.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-82.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-83.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-84.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-85.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-86.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-87.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-88.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-89.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/6cec1b0a-da15-467d-8691-1dea392d4c8d.html">6cec1b0a-da15-467d-8691-1dea392d4c8d</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-06-13<br>Entry 2017-06-13<br>Modified 2017-09-19<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 54.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.2.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.2.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.2.0 </blockquote><br> CVE-2017-5470<br> CVE-2017-5471<br> CVE-2017-5472<br> CVE-2017-7749<br> CVE-2017-7750<br> CVE-2017-7751<br> CVE-2017-7752<br> CVE-2017-7754<br> CVE-2017-7755<br> CVE-2017-7756<br> CVE-2017-7757<br> CVE-2017-7758<br> CVE-2017-7759<br> CVE-2017-7760<br> CVE-2017-7761<br> CVE-2017-7762<br> CVE-2017-7763<br> CVE-2017-7764<br> CVE-2017-7765<br> CVE-2017-7766<br> CVE-2017-7767<br> CVE-2017-7768<br> CVE-2017-7778<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/4a21ce2c-bb13-11df-8e32-000f20797ede.html">4a21ce2c-bb13-11df-8e32-000f20797ede</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)</p> <p>MFSA 2010-50 Frameset integer overflow vulnerability</p> <p>MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array</p> <p>MFSA 2010-52 Windows XP DLL loading vulnerability</p> <p>MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText</p> <p>MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection</p> <p>MFSA 2010-55 XUL tree removal crash and remote code execution</p> <p>MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView</p> <p>MFSA 2010-57 Crash and remote code execution in normalizeDocument</p> <p>MFSA 2010-58 Crash on Mac using fuzzed font in data: URL</p> <p>MFSA 2010-59 SJOW creates scope chains ending in outer object</p> <p>MFSA 2010-60 XSS using SJOW scripted function</p> <p>MFSA 2010-61 UTF-7 XSS by overriding document charset using object type attribute</p> <p>MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS</p> <p>MFSA 2010-63 Information leak via XMLHttpRequest statusText</p> </blockquote> <br>Discovery 2010-09-07<br>Entry 2010-09-08<br>Modified 2010-09-15<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.6.,1 lt 3.6.9,1</blockquote><br> <blockquote>gt 3.5.,1 lt 3.5.12,1</blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 1.9.2.9</blockquote><br> linux-firefox<br> <blockquote>< 3.6.9,1 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.5.12 </blockquote><br> seamonkey<br> <blockquote>gt 2.0.* lt 2.0.7</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>ge 3.0 lt 3.0.7</blockquote><br> <blockquote>ge 3.1 lt 3.1.3</blockquote><br> CVE-2010-2762<br> CVE-2010-2763<br> CVE-2010-2764<br> CVE-2010-2765<br> CVE-2010-2766<br> CVE-2010-2767<br> CVE-2010-2768<br> CVE-2010-2769<br> CVE-2010-2770<br> CVE-2010-2760<br> CVE-2010-3131<br> CVE-2010-3166<br> CVE-2010-3167<br> CVE-2010-3168<br> CVE-2010-3169<br> http://www.mozilla.org/security/announce/2010/mfsa2010-49.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-50.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-51.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-52.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-53.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-54.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-55.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-56.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-57.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-58.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-59.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-60.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-61.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-62.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-63.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7.html">e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7</a></td><td>firefox -- Heap buffer overflow rasterizing paths in SVG with Skia<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/"> <p>A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash.</p> </blockquote> <br>Discovery 2018-06-06<br>Entry 2018-06-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 60.0.2,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.0.13_5 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.8.1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.4 </blockquote><br> https://www.mozilla.org/security/advisories/mfsa2018-14/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/18f39fb6-7400-4063-acaf-0806e92c094f.html">18f39fb6-7400-4063-acaf-0806e92c094f</a></td><td>Mozilla -- SVG Animation Remote Code Execution<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/"> <p>A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.</p> </blockquote> <br>Discovery 2016-11-30<br>Entry 2016-12-01<br>Modified 2016-12-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 50.0.2,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.5.1,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.5.1,2 </blockquote><br> seamonkey<br> <blockquote>< 2.46 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.46 </blockquote><br> libxul<br> <blockquote>< 45.5.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 45.5.1 </blockquote><br> linux-thunderbird<br> <blockquote>< 45.5.1 </blockquote><br> CVE-2016-9079<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/bfecf7c1-af47-11e1-9580-4061862b8c22.html">bfecf7c1-af47-11e1-9580-4061862b8c22</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5)</p> <p>MFSA 2012-36 Content Security Policy inline-script bypass</p> <p>MFSA 2012-37 Information disclosure though Windows file shares and shortcut files</p> <p>MFSA 2012-38 Use-after-free while replacing/inserting a node in a document</p> <p>MFSA 2012-39 NSS parsing errors with zero length items</p> <p>MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer</p> </blockquote> <br>Discovery 2012-06-05<br>Entry 2012-06-05<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 13.0,1</blockquote><br> <blockquote>< 10.0.5,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.5,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.10 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.5 </blockquote><br> seamonkey<br> <blockquote>< 2.10 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 13.0</blockquote><br> <blockquote>< 10.0.5 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.5</blockquote><br> CVE-2011-3101<br> CVE-2012-0441<br> CVE-2012-1938<br> CVE-2012-1939<br> CVE-2012-1937<br> CVE-2012-1940<br> CVE-2012-1941<br> CVE-2012-1944<br> CVE-2012-1945<br> CVE-2012-1946<br> CVE-2012-1947<br> http://www.mozilla.org/security/known-vulnerabilities/<br> http://www.mozilla.org/security/announce/2012/mfsa2012-34.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-36.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-37.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-38.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-39.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-40.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/99858b7c-7ece-11df-a007-000f20797ede.html">99858b7c-7ece-11df-a007-000f20797ede</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2010-33 User tracking across sites using Math.random()</p> <p>MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present</p> <p>MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes</p> <p>MFSA 2010-30 Integer Overflow in XSLT Node Sorting</p> <p>MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal</p> <p>MFSA 2010-28 Freed object reuse across plugin instances</p> <p>MFSA 2010-27 Use-after-free error in nsCycleCollector::MarkRoots()</p> <p>MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)</p> <p>MFSA 2010-25 Re-use of freed object due to scope confusion</p> </blockquote> <br>Discovery 2010-06-22<br>Entry 2010-06-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.6.,1 lt 3.6.4,1</blockquote><br> <blockquote>gt 3.5.,1 lt 3.5.10,1</blockquote><br> linux-firefox-devel<br> <blockquote>< 3.5.10 </blockquote><br> seamonkey<br> <blockquote>gt 2.0.* lt 2.0.5</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>ge 3.0 lt 3.0.5</blockquote><br> CVE-2008-5913<br> CVE-2010-0183<br> CVE-2010-1121<br> CVE-2010-1125<br> CVE-2010-1197<br> CVE-2010-1199<br> CVE-2010-1196<br> CVE-2010-1198<br> CVE-2010-1200<br> CVE-2010-1201<br> CVE-2010-1202<br> CVE-2010-1203<br> http://www.mozilla.org/security/announce/2010/mfsa2010-33.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-32.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-31.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-30.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-29.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-28.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-27.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-26.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-25.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/a891c5b4-3d7a-4de9-9c71-eef3fd698c77.html">a891c5b4-3d7a-4de9-9c71-eef3fd698c77</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/"> <p>CVE-2018-5091: Use-after-free with DTMF timers</p> <p>CVE-2018-5092: Use-after-free in Web Workers</p> <p>CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing</p> <p>CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory</p> <p>CVE-2018-5095: Integer overflow in Skia library during edge builder allocation</p> <p>CVE-2018-5097: Use-after-free when source document is manipulated during XSLT</p> <p>CVE-2018-5098: Use-after-free while manipulating form input elements</p> <p>CVE-2018-5099: Use-after-free with widget listener</p> <p>CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory</p> <p>CVE-2018-5101: Use-after-free with floating first-letter style elements</p> <p>CVE-2018-5102: Use-after-free in HTML media elements</p> <p>CVE-2018-5103: Use-after-free during mouse event handling</p> <p>CVE-2018-5104: Use-after-free during font face manipulation</p> <p>CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts</p> <p>CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker</p> <p>CVE-2018-5107: Printing process will follow symlinks for local file access</p> <p>CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs</p> <p>CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution</p> <p>CVE-2018-5110: Cursor can be made invisible on OS X</p> <p>CVE-2018-5111: URL spoofing in addressbar through drag and drop</p> <p>CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel</p> <p>CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow</p> <p>CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts</p> <p>CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs</p> <p>CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access</p> <p>CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right</p> <p>CVE-2018-5118: Activity Stream images can attempt to load local content through file:</p> <p>CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers</p> <p>CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar</p> <p>CVE-2018-5122: Potential integer overflow in DoCrypt</p> <p>CVE-2018-5090: Memory safety bugs fixed in Firefox 58</p> <p>CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6</p> </blockquote> <br>Discovery 2018-01-23<br>Entry 2018-01-23<br>Modified 2018-01-29<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 58.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.3.63 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.2 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.6.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.6.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.6.0 </blockquote><br> CVE-2018-5089<br> CVE-2018-5090<br> CVE-2018-5091<br> CVE-2018-5092<br> CVE-2018-5093<br> CVE-2018-5094<br> CVE-2018-5095<br> CVE-2018-5097<br> CVE-2018-5098<br> CVE-2018-5099<br> CVE-2018-5100<br> CVE-2018-5101<br> CVE-2018-5102<br> CVE-2018-5103<br> CVE-2018-5104<br> CVE-2018-5105<br> CVE-2018-5106<br> CVE-2018-5107<br> CVE-2018-5108<br> CVE-2018-5109<br> CVE-2018-5110<br> CVE-2018-5111<br> CVE-2018-5112<br> CVE-2018-5113<br> CVE-2018-5114<br> CVE-2018-5115<br> CVE-2018-5116<br> CVE-2018-5117<br> CVE-2018-5118<br> CVE-2018-5119<br> CVE-2018-5121<br> CVE-2018-5122<br> https://www.mozilla.org/security/advisories/mfsa2018-02/<br> https://www.mozilla.org/security/advisories/mfsa2018-03/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/aa1aefe3-6e37-47db-bfda-343ef4acb1b5.html">aa1aefe3-6e37-47db-bfda-343ef4acb1b5</a></td><td>Mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2016-08-02<br>Entry 2016-09-07<br>Modified 2016-09-20<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 48.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.45 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.3.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.3.0 </blockquote><br> CVE-2016-0718<br> CVE-2016-2830<br> CVE-2016-2835<br> CVE-2016-2836<br> CVE-2016-2837<br> CVE-2016-2838<br> CVE-2016-2839<br> CVE-2016-5250<br> CVE-2016-5251<br> CVE-2016-5252<br> CVE-2016-5253<br> CVE-2016-5254<br> CVE-2016-5255<br> CVE-2016-5258<br> CVE-2016-5259<br> CVE-2016-5260<br> CVE-2016-5261<br> CVE-2016-5262<br> CVE-2016-5263<br> CVE-2016-5264<br> CVE-2016-5265<br> CVE-2016-5266<br> CVE-2016-5267<br> CVE-2016-5268<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html">e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)</p> <p>MFSA 2013-22 Out-of-bounds read in image rendering</p> <p>MFSA 2013-23 Wrapped WebIDL objects can be wrapped again</p> <p>MFSA 2013-24 Web content bypass of COW and SOW security wrappers</p> <p>MFSA 2013-25 Privacy leak in JavaScript Workers</p> <p>MFSA 2013-26 Use-after-free in nsImageLoadingContent</p> <p>MFSA 2013-27 Phishing on HTTPS connection through malicious proxy</p> <p>MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer</p> </blockquote> <br>Discovery 2013-02-19<br>Entry 2013-02-19<br>Modified 2013-02-20<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 19.0,1</blockquote><br> <blockquote>< 17.0.3,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.3,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.16 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.3 </blockquote><br> seamonkey<br> <blockquote>< 2.16 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.3</blockquote><br> <blockquote>< 10.0.12 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.12</blockquote><br> CVE-2013-0765<br> CVE-2013-0772<br> CVE-2013-0773<br> CVE-2013-0774<br> CVE-2013-0775<br> CVE-2013-0776<br> CVE-2013-0783<br> CVE-2013-0784<br> http://www.mozilla.org/security/announce/2013/mfsa2013-20.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-21.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-22.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-23.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-24.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-25.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-26.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-27.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c71cdc95-3c18-45b7-866a-af28b59aabb5.html">c71cdc95-3c18-45b7-866a-af28b59aabb5</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/"> <p>CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList</p> <p>CVE-2018-5128: Use-after-free manipulating editor selection ranges</p> <p>CVE-2018-5129: Out-of-bounds write with malformed IPC messages</p> <p>CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption</p> <p>CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources</p> <p>CVE-2018-5132: WebExtension Find API can search privileged pages</p> <p>CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized</p> <p>CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions</p> <p>CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts</p> <p>CVE-2018-5136: Same-origin policy violation with data: URL shared workers</p> <p>CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources</p> <p>CVE-2018-5138: Android Custom Tab address spoofing through long domain names</p> <p>CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol</p> <p>CVE-2018-5141: DOS attack through notifications Push API</p> <p>CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs</p> <p>CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar</p> <p>CVE-2018-5126: Memory safety bugs fixed in Firefox 59</p> <p>CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7</p> </blockquote> <br>Discovery 2018-03-13<br>Entry 2018-03-13<br>Modified 2018-03-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 59.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.4.36_3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.3 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.7.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.7.0 </blockquote><br> CVE-2018-5125<br> CVE-2018-5126<br> CVE-2018-5127<br> CVE-2018-5128<br> CVE-2018-5129<br> CVE-2018-5130<br> CVE-2018-5131<br> CVE-2018-5132<br> CVE-2018-5133<br> CVE-2018-5134<br> CVE-2018-5135<br> CVE-2018-5136<br> CVE-2018-5137<br> CVE-2018-5138<br> CVE-2018-5140<br> CVE-2018-5141<br> CVE-2018-5142<br> CVE-2018-5143<br> https://www.mozilla.org/security/advisories/mfsa2018-06/<br> https://www.mozilla.org/security/advisories/mfsa2018-07/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0998e79d-0055-11e3-905b-0025905a4771.html">0998e79d-0055-11e3-905b-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)</p> <p>MFSA 2013-64 Use after free mutating DOM during SetBody</p> <p>MFSA 2013-65 Buffer underflow when generating CRMF requests</p> <p>MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater</p> <p>MFSA 2013-67 Crash during WAV audio file decoding</p> <p>MFSA 2013-68 Document URI misrepresentation and masquerading</p> <p>MFSA 2013-69 CRMF requests allow for code execution and XSS attacks</p> <p>MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes</p> <p>MFSA 2013-71 Further Privilege escalation through Mozilla Updater</p> <p>MFSA 2013-72 Wrong principal used for validating URI for some Javascript components</p> <p>MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest</p> <p>MFSA 2013-74 Firefox full and stub installer DLL hijacking</p> <p>MFSA 2013-75 Local Java applets may read contents of local file system</p> </blockquote> <br>Discovery 2013-08-06<br>Entry 2013-08-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 23.0,1</blockquote><br> <blockquote>< 17.0.8,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.8,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.20 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.8 </blockquote><br> seamonkey<br> <blockquote>< 2.20 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.8</blockquote><br> CVE-2013-1701<br> CVE-2013-1702<br> CVE-2013-1704<br> CVE-2013-1705<br> CVE-2013-1706<br> CVE-2013-1707<br> CVE-2013-1708<br> CVE-2013-1709<br> CVE-2013-1710<br> CVE-2013-1711<br> CVE-2013-1712<br> CVE-2013-1713<br> CVE-2013-1714<br> CVE-2013-1715<br> CVE-2013-1717<br> https://www.mozilla.org/security/announce/2013/mfsa2013-63.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-64.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-65.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-66.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-67.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-68.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-69.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-70.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-71.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-72.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/555b244e-6b20-4546-851f-d8eb7d6c1ffa.html">555b244e-6b20-4546-851f-d8eb7d6c1ffa</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-08-08<br>Entry 2017-08-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 55.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.3.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.3.0 </blockquote><br> CVE-2017-7753<br> CVE-2017-7779<br> CVE-2017-7780<br> CVE-2017-7781<br> CVE-2017-7782<br> CVE-2017-7783<br> CVE-2017-7784<br> CVE-2017-7785<br> CVE-2017-7786<br> CVE-2017-7787<br> CVE-2017-7788<br> CVE-2017-7789<br> CVE-2017-7790<br> CVE-2017-7791<br> CVE-2017-7792<br> CVE-2017-7794<br> CVE-2017-7796<br> CVE-2017-7797<br> CVE-2017-7798<br> CVE-2017-7799<br> CVE-2017-7800<br> CVE-2017-7801<br> CVE-2017-7802<br> CVE-2017-7803<br> CVE-2017-7804<br> CVE-2017-7806<br> CVE-2017-7807<br> CVE-2017-7808<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/f78eac48-c3d1-4666-8de5-63ceea25a578.html">f78eac48-c3d1-4666-8de5-63ceea25a578</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/"> <p>CVE-2017-7828: Use-after-free of PressShell while restyling layout</p> <p>CVE-2017-7830: Cross-origin URL information leak through Resource Timing API</p> <p>CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects</p> <p>CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers</p> <p>CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters</p> <p>CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections</p> <p>CVE-2017-7835: Mixed content blocking incorrectly applies with redirects</p> <p>CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X</p> <p>CVE-2017-7837: SVG loaded as <img> can use meta tags to set cookies</p> <p>CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN</p> <p>CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism</p> <p>CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags</p> <p>CVE-2017-7842: Referrer Policy is not always respected for <link> elements</p> <p>CVE-2017-7827: Memory safety bugs fixed in Firefox 57</p> <p>CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5</p> </blockquote> <br>Discovery 2017-11-14<br>Entry 2017-11-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 56.0.2_10,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.2 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.5.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.5.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.5.0 </blockquote><br> CVE-2017-7826<br> CVE-2017-7827<br> CVE-2017-7828<br> CVE-2017-7830<br> CVE-2017-7831<br> CVE-2017-7832<br> CVE-2017-7833<br> CVE-2017-7834<br> CVE-2017-7835<br> CVE-2017-7836<br> CVE-2017-7837<br> CVE-2017-7838<br> CVE-2017-7839<br> CVE-2017-7840<br> CVE-2017-7842<br> https://www.mozilla.org/security/advisories/mfsa2017-24/<br> https://www.mozilla.org/security/advisories/mfsa2017-25/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0592f49f-b3b8-4260-b648-d1718762656c.html">0592f49f-b3b8-4260-b648-d1718762656c</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/"> <p>CVE-2019-9811: Sandbox escape via installation of malicious language pack</p> <p>CVE-2019-11711: Script injection within domain through inner window reuse</p> <p>CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects</p> <p>CVE-2019-11713: Use-after-free with HTTP/2 cached stream</p> <p>CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread</p> <p>CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault</p> <p>CVE-2019-11715: HTML parsing error can contribute to content XSS</p> <p>CVE-2019-11716: globalThis not enumerable until accessed</p> <p>CVE-2019-11717: Caret character improperly escaped in origins</p> <p>CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML</p> <p>CVE-2019-11719: Out-of-bounds read when importing curve25519 private key</p> <p>CVE-2019-11720: Character encoding XSS vulnerability</p> <p>CVE-2019-11721: Domain spoofing through unicode latin 'kra' character</p> <p>CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin</p> <p>CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries</p> <p>CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions</p> <p>CVE-2019-11725: Websocket resources bypass safebrowsing protections</p> <p>CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3</p> <p>CVE-2019-11728: Port scanning through Alt-Svc header</p> <p>CVE-2019-11710: Memory safety bugs fixed in Firefox 68</p> <p>CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8</p> </blockquote> <br>Discovery 2019-07-09<br>Entry 2019-07-09<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 68.0_4,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.12 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.8.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.8.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.8.0 </blockquote><br> CVE-2019-11709<br> CVE-2019-11710<br> CVE-2019-11711<br> CVE-2019-11712<br> CVE-2019-11713<br> CVE-2019-11714<br> CVE-2019-11715<br> CVE-2019-11716<br> CVE-2019-11717<br> CVE-2019-11718<br> CVE-2019-11719<br> CVE-2019-11720<br> CVE-2019-11721<br> CVE-2019-11723<br> CVE-2019-11724<br> CVE-2019-11725<br> CVE-2019-11727<br> CVE-2019-11728<br> CVE-2019-11729<br> CVE-2019-11730<br> CVE-2019-9811<br> https://www.mozilla.org/security/advisories/mfsa2019-21/<br> https://www.mozilla.org/security/advisories/mfsa2019-22/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8065d37b-8e7c-4707-a608-1b0a2b8509c3.html">8065d37b-8e7c-4707-a608-1b0a2b8509c3</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47"> <p>MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)</p> <p>MFSA 2016-50 Buffer overflow parsing HTML5 fragments</p> <p>MFSA 2016-51 Use-after-free deleting tables from a contenteditable document</p> <p>MFSA 2016-52 Addressbar spoofing though the SELECT element</p> <p>MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI</p> <p>MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction</p> <p>MFSA 2016-57 Incorrect icon displayed on permissions notifications</p> <p>MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission</p> <p>MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes</p> <p>MFSA 2016-60 Java applets bypass CSP protections</p> </blockquote> <br>Discovery 2016-06-07<br>Entry 2016-06-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 47.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.44 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.2.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.2.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.2.0 </blockquote><br> CVE-2016-2815<br> CVE-2016-2818<br> CVE-2016-2819<br> CVE-2016-2821<br> CVE-2016-2822<br> CVE-2016-2825<br> CVE-2016-2828<br> CVE-2016-2829<br> CVE-2016-2831<br> CVE-2016-2832<br> CVE-2016-2833<br> https://www.mozilla.org/security/advisories/mfsa2016-49/<br> https://www.mozilla.org/security/advisories/mfsa2016-50/<br> https://www.mozilla.org/security/advisories/mfsa2016-51/<br> https://www.mozilla.org/security/advisories/mfsa2016-52/<br> https://www.mozilla.org/security/advisories/mfsa2016-54/<br> https://www.mozilla.org/security/advisories/mfsa2016-56/<br> https://www.mozilla.org/security/advisories/mfsa2016-57/<br> https://www.mozilla.org/security/advisories/mfsa2016-58/<br> https://www.mozilla.org/security/advisories/mfsa2016-59/<br> https://www.mozilla.org/security/advisories/mfsa2016-60/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02.html">4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)</p> <p>MFSA 2013-42 Privileged access for content level constructor</p> <p>MFSA 2013-43 File input control has access to full path</p> <p>MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service</p> <p>MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries</p> <p>MFSA 2013-46 Use-after-free with video and onresize event</p> <p>MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent</p> <p>MFSA 2013-48 Memory corruption found using Address Sanitizer</p> </blockquote> <br>Discovery 2013-05-14<br>Entry 2013-05-15<br>Modified 2013-05-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 21.0,1</blockquote><br> <blockquote>< 17.0.6,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.6,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.17.1 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.6 </blockquote><br> seamonkey<br> <blockquote>< 2.17.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.6</blockquote><br> CVE-2012-1942<br> CVE-2013-0801<br> CVE-2013-1669<br> CVE-2013-1670<br> CVE-2013-1671<br> CVE-2013-1672<br> CVE-2013-1674<br> CVE-2013-1675<br> CVE-2013-1676<br> CVE-2013-1677<br> CVE-2013-1678<br> CVE-2013-1679<br> CVE-2013-1680<br> CVE-2013-1681<br> http://www.mozilla.org/security/announce/2013/mfsa2013-40.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-41.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-42.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-43.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-44.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-45.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-46.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-47.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-48.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/834591a9-c82f-11e0-897d-6c626dd55a41.html">834591a9-c82f-11e0-897d-6c626dd55a41</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2011-29 Security issues addressed in Firefox 6</p> <p>MFSA 2011-28 Security issues addressed in Firefox 3.6.20</p> </blockquote> <br>Discovery 2011-08-16<br>Entry 2011-08-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.6.,1 lt 3.6.20,1</blockquote><br> <blockquote>gt 5.0.,1 lt 6.0,1</blockquote><br> seamonkey<br> <blockquote>< 2.3 </blockquote><br> linux-firefox<br> <blockquote>< 3.6.20,1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 3.1.12 </blockquote><br> linux-thunderbird<br> <blockquote>< 3.1.12 </blockquote><br> CVE-2011-2992<br> http://www.mozilla.org/security/announce/2011/mfsa2011-29.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-30.html<br> CVE-2011-2982<br> CVE-2011-0084<br> CVE-2011-2981<br> CVE-2011-2378<br> CVE-2011-2984<br> CVE-2011-2980<br> CVE-2011-2983<br> CVE-2011-2989<br> CVE-2011-2991<br> CVE-2011-2985<br> CVE-2011-2993<br> CVE-2011-2988<br> CVE-2011-2987<br> CVE-2011-0084<br> CVE-2011-2990<br> CVE-2011-2986<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/610de647-af8d-11e3-a25b-b4b52fce4ce8.html">610de647-af8d-11e3-a25b-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)</p> <p>MFSA 2014-16 Files extracted during updates are not always read only</p> <p>MFSA 2014-17 Out of bounds read during WAV file decoding</p> <p>MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key</p> <p>MFSA 2014-19 Spoofing attack on WebRTC permission prompt</p> <p>MFSA 2014-20 onbeforeunload and Javascript navigation DOS</p> <p>MFSA 2014-21 Local file access via Open Link in new tab</p> <p>MFSA 2014-22 WebGL content injection from one domain to rendering in another</p> <p>MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore</p> <p>MFSA 2014-24 Android Crash Reporter open to manipulation</p> <p>MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape</p> <p>MFSA 2014-26 Information disclosure through polygon rendering in MathML</p> <p>MFSA 2014-27 Memory corruption in Cairo during PDF font rendering</p> <p>MFSA 2014-28 SVG filters information disclosure through feDisplacementMap</p> <p>MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs</p> <p>MFSA 2014-30 Use-after-free in TypeObject</p> <p>MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects</p> <p>MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering</p> </blockquote> <br>Discovery 2014-03-19<br>Entry 2014-03-19<br>Modified 2014-03-20<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 28.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 24.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 28.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.25 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.4.0 </blockquote><br> seamonkey<br> <blockquote>< 2.25 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.4.0 </blockquote><br> CVE-2014-1493<br> CVE-2014-1494<br> CVE-2014-1496<br> CVE-2014-1497<br> CVE-2014-1498<br> CVE-2014-1499<br> CVE-2014-1500<br> CVE-2014-1501<br> CVE-2014-1502<br> CVE-2014-1504<br> CVE-2014-1505<br> CVE-2014-1506<br> CVE-2014-1507<br> CVE-2014-1508<br> CVE-2014-1509<br> CVE-2014-1510<br> CVE-2014-1511<br> CVE-2014-1512<br> CVE-2014-1513<br> CVE-2014-1514<br> https://www.mozilla.org/security/announce/2014/mfsa2014-15.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-16.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-17.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-18.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-19.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-20.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-21.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-22.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-23.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-24.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-25.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-26.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-27.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-28.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-29.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-30.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-31.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-32.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/6b3b1b97-207c-11e2-a03f-c8600054b392.html">6b3b1b97-207c-11e2-a03f-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-90 Fixes for Location object issues</p> </blockquote> <br>Discovery 2012-10-26<br>Entry 2012-10-27<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 16.0.2,1</blockquote><br> <blockquote>< 10.0.10,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.10,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.13.2 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.10 </blockquote><br> seamonkey<br> <blockquote>< 2.13.2 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 16.0.2</blockquote><br> <blockquote>< 10.0.10 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.10</blockquote><br> CVE-2012-4194<br> CVE-2012-4195<br> CVE-2012-4196<br> http://www.mozilla.org/security/known-vulnerabilities/<br> http://www.mozilla.org/security/announce/2012/mfsa2012-90.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5e0a038a-ca30-416d-a2f5-38cbf5e7df33.html">5e0a038a-ca30-416d-a2f5-38cbf5e7df33</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-04-19<br>Entry 2017-04-19<br>Modified 2017-09-19<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 53.0_2,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 46.0,1 lt 52.1.0_2,1</blockquote><br> <blockquote>< 45.9.0,1 </blockquote><br> linux-firefox<br> <blockquote>ge 46.0,2 lt 52.1.0,2</blockquote><br> <blockquote>< 45.9.0,2 </blockquote><br> libxul<br> <blockquote>ge 46.0 lt 52.1.0</blockquote><br> <blockquote>< 45.9.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 46.0 lt 52.1.0</blockquote><br> <blockquote>< 45.9.0 </blockquote><br> CVE-2017-5433<br> CVE-2017-5435<br> CVE-2017-5436<br> CVE-2017-5461<br> CVE-2017-5459<br> CVE-2017-5466<br> CVE-2017-5434<br> CVE-2017-5432<br> CVE-2017-5460<br> CVE-2017-5438<br> CVE-2017-5439<br> CVE-2017-5440<br> CVE-2017-5441<br> CVE-2017-5442<br> CVE-2017-5464<br> CVE-2017-5443<br> CVE-2017-5444<br> CVE-2017-5446<br> CVE-2017-5447<br> CVE-2017-5465<br> CVE-2017-5448<br> CVE-2017-5437<br> CVE-2017-5454<br> CVE-2017-5455<br> CVE-2017-5456<br> CVE-2017-5469<br> CVE-2017-5445<br> CVE-2017-5449<br> CVE-2017-5450<br> CVE-2017-5451<br> CVE-2017-5462<br> CVE-2017-5463<br> CVE-2017-5467<br> CVE-2017-5452<br> CVE-2017-5453<br> CVE-2017-5458<br> CVE-2017-5468<br> CVE-2017-5430<br> CVE-2017-5429<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e60169c4-aa86-46b0-8ae2-0d81f683df09.html">e60169c4-aa86-46b0-8ae2-0d81f683df09</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-01-24<br>Entry 2017-01-24<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 51.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.48 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.7.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.7.0 </blockquote><br> CVE-2017-5373<br> CVE-2017-5374<br> CVE-2017-5375<br> CVE-2017-5376<br> CVE-2017-5377<br> CVE-2017-5378<br> CVE-2017-5379<br> CVE-2017-5380<br> CVE-2017-5381<br> CVE-2017-5382<br> CVE-2017-5383<br> CVE-2017-5384<br> CVE-2017-5385<br> CVE-2017-5386<br> CVE-2017-5387<br> CVE-2017-5388<br> CVE-2017-5389<br> CVE-2017-5390<br> CVE-2017-5391<br> CVE-2017-5392<br> CVE-2017-5393<br> CVE-2017-5394<br> CVE-2017-5395<br> CVE-2017-5396<br> https://www.mozilla.org/security/advisories/mfsa2017-01/<br> https://www.mozilla.org/security/advisories/mfsa2017-02/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2c2d1c39-1396-459a-91f5-ca03ee7c64c6.html">2c2d1c39-1396-459a-91f5-ca03ee7c64c6</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)</p> <p>MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects</p> <p>MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation</p> <p>MFSA 2015-137 Firefox allows for control characters to be set in cookies</p> <p>MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed</p> <p>MFSA 2015-139 Integer overflow allocating extremely large textures</p> <p>MFSA 2015-140 Cross-origin information leak through web workers error events</p> <p>MFSA 2015-141 Hash in data URI is incorrectly parsed</p> <p>MFSA 2015-142 DOS due to malformed frames in HTTP/2</p> <p>MFSA 2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library</p> <p>MFSA 2015-144 Buffer overflows found through code inspection</p> <p>MFSA 2015-145 Underflow through code inspection</p> <p>MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions</p> <p>MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright</p> <p>MFSA 2015-148 Privilege escalation vulnerabilities in WebExtension APIs</p> <p>MFSA 2015-149 Cross-site reading attack through data and view-source URIs</p> </blockquote> <br>Discovery 2015-12-15<br>Entry 2015-12-15<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 43.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 43.0,1 </blockquote><br> seamonkey<br> <blockquote>< 2.40 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.40 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.5.0,1 </blockquote><br> libxul<br> <blockquote>< 38.5.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 38.5.0 </blockquote><br> linux-thunderbird<br> <blockquote>< 38.5.0 </blockquote><br> CVE-2015-7201<br> CVE-2015-7202<br> CVE-2015-7203<br> CVE-2015-7204<br> CVE-2015-7205<br> CVE-2015-7207<br> CVE-2015-7208<br> CVE-2015-7210<br> CVE-2015-7211<br> CVE-2015-7212<br> CVE-2015-7213<br> CVE-2015-7214<br> CVE-2015-7215<br> CVE-2015-7216<br> CVE-2015-7217<br> CVE-2015-7218<br> CVE-2015-7219<br> CVE-2015-7220<br> CVE-2015-7221<br> CVE-2015-7222<br> CVE-2015-7223<br> https://www.mozilla.org/security/advisories/mfsa2015-134/<br> https://www.mozilla.org/security/advisories/mfsa2015-135/<br> https://www.mozilla.org/security/advisories/mfsa2015-136/<br> https://www.mozilla.org/security/advisories/mfsa2015-137/<br> https://www.mozilla.org/security/advisories/mfsa2015-138/<br> https://www.mozilla.org/security/advisories/mfsa2015-139/<br> https://www.mozilla.org/security/advisories/mfsa2015-140/<br> https://www.mozilla.org/security/advisories/mfsa2015-141/<br> https://www.mozilla.org/security/advisories/mfsa2015-142/<br> https://www.mozilla.org/security/advisories/mfsa2015-143/<br> https://www.mozilla.org/security/advisories/mfsa2015-144/<br> https://www.mozilla.org/security/advisories/mfsa2015-145/<br> https://www.mozilla.org/security/advisories/mfsa2015-146/<br> https://www.mozilla.org/security/advisories/mfsa2015-147/<br> https://www.mozilla.org/security/advisories/mfsa2015-148/<br> https://www.mozilla.org/security/advisories/mfsa2015-149/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/45f102cd-4456-11e0-9580-4061862b8c22.html">45f102cd-4456-11e0-9580-4061862b8c22</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)</p> <p>MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true</p> <p>MFSA 2011-03 Use-after-free error in JSON.stringify</p> <p>MFSA 2011-04 Buffer overflow in JavaScript upvarMap</p> <p>MFSA 2011-05 Buffer overflow in JavaScript atom map</p> <p>MFSA 2011-06 Use-after-free error using Web Workers</p> <p>MFSA 2011-07 Memory corruption during text run construction (Windows)</p> <p>MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents</p> <p>MFSA 2011-09 Crash caused by corrupted JPEG image</p> <p>MFSA 2011-10 CSRF risk with plugins and 307 redirects</p> </blockquote> <br>Discovery 2011-03-01<br>Entry 2011-03-01<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.6.,1 lt 3.6.14,1</blockquote><br> <blockquote>gt 3.5.,1 lt 3.5.17,1</blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 1.9.2.14</blockquote><br> linux-firefox<br> <blockquote>< 3.6.14,1 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.5.17 </blockquote><br> linux-seamonkey<br> <blockquote>gt 2.0.* lt 2.0.12</blockquote><br> linux-thunderbird<br> <blockquote>ge 3.1 lt 3.1.8</blockquote><br> seamonkey<br> <blockquote>gt 2.0.* lt 2.0.12</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 3.1.8 </blockquote><br> CVE-2010-1585<br> CVE-2011-0051<br> CVE-2011-0053<br> CVE-2011-0054<br> CVE-2011-0055<br> CVE-2011-0056<br> CVE-2011-0057<br> CVE-2011-0058<br> CVE-2011-0059<br> CVE-2011-0061<br> CVE-2011-0062<br> https://www.mozilla.org/security/announce/2011/mfsa2011-01.html<br> https://www.mozilla.org/security/announce/2011/mfsa2011-02.html<br> https://www.mozilla.org/security/announce/2011/mfsa2011-03.html<br> https://www.mozilla.org/security/announce/2011/mfsa2011-04.html<br> https://www.mozilla.org/security/announce/2011/mfsa2011-05.html<br> https://www.mozilla.org/security/announce/2011/mfsa2011-06.html<br> https://www.mozilla.org/security/announce/2011/mfsa2011-07.html<br> https://www.mozilla.org/security/announce/2011/mfsa2011-08.html<br> https://www.mozilla.org/security/announce/2011/mfsa2011-09.html<br> https://www.mozilla.org/security/announce/2011/mfsa2011-10.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/94976433-9c74-11e2-a9fc-d43d7e0c7c02.html">94976433-9c74-11e2-a9fc-d43d7e0c7c02</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)</p> <p>MFSA 2013-31 Out-of-bounds write in Cairo library</p> <p>MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service</p> <p>MFSA 2013-33 World read and write access to app_tmp directory on Android</p> <p>MFSA 2013-34 Privilege escalation through Mozilla Updater</p> <p>MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux</p> <p>MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes</p> <p>MFSA 2013-37 Bypass of tab-modal dialog origin disclosure</p> <p>MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations</p> <p>MFSA 2013-39 Memory corruption while rendering grayscale PNG images</p> <p>MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage</p> </blockquote> <br>Discovery 2013-04-02<br>Entry 2013-04-03<br>Modified 2013-04-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 20.0,1</blockquote><br> <blockquote>< 17.0.5,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.5,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.17 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.5 </blockquote><br> seamonkey<br> <blockquote>< 2.17 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.5</blockquote><br> CVE-2013-0788<br> CVE-2013-0789<br> CVE-2013-0790<br> CVE-2013-0791<br> CVE-2013-0792<br> CVE-2013-0793<br> CVE-2013-0794<br> CVE-2013-0795<br> CVE-2013-0796<br> CVE-2013-0797<br> CVE-2013-0798<br> CVE-2013-0799<br> CVE-2013-0800<br> http://www.mozilla.org/security/announce/2013/mfsa2013-30.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-31.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-32.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-33.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-34.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-35.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-36.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-37.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-38.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-39.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-40.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e3ff776b-2ba6-11e1-93c6-0011856a6e37.html">e3ff776b-2ba6-11e1-93c6-0011856a6e37</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)</p> <p>MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library</p> <p>MFSA 2011-55 nsSVGValue out-of-bounds access</p> <p>MFSA 2011-56 Key detection without JavaScript via SVG animation</p> <p>MFSA 2011-58 Crash scaling video to extreme sizes</p> </blockquote> <br>Discovery 2011-12-20<br>Entry 2011-12-21<br>Modified 2011-12-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 4.0,1 lt 9.0,1</blockquote><br> linux-firefox<br> <blockquote>< 9.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.6 </blockquote><br> linux-thunderbird<br> <blockquote>< 9.0 </blockquote><br> seamonkey<br> <blockquote>< 2.6 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 4.0 lt 9.0</blockquote><br> CVE-2011-3658<br> CVE-2011-3660<br> CVE-2011-3661<br> CVE-2011-3663<br> CVE-2011-3665<br> http://www.mozilla.org/security/announce/2011/mfsa2011-53.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-54.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-55.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-56.html<br> http://www.mozilla.org/security/announce/2011/mfsa2011-58.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/4f00dac0-1e18-4481-95af-7aaad63fd303.html">4f00dac0-1e18-4481-95af-7aaad63fd303</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox44"> <p>MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)</p> <p>MFSA 2016-02 Out of Memory crash when parsing GIF format images</p> <p>MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation</p> <p>MFSA 2016-04 Firefox allows for control characters to be set in cookie names</p> <p>MFSA 2016-06 Missing delay following user click events in protocol handler dialog</p> <p>MFSA 2016-09 Addressbar spoofing attacks</p> <p>MFSA 2016-10 Unsafe memory manipulation found through code inspection</p> <p>MFSA 2016-11 Application Reputation service disabled in Firefox 43</p> </blockquote> <br>Discovery 2016-01-26<br>Entry 2016-02-01<br>Modified 2016-03-08<br><a href="/www/firefox/">firefox<br> </a>linux-firefox<br> <blockquote>< 44.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.41 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.6.0,1 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 38.6.0 </blockquote><br> CVE-2015-7208<br> CVE-2016-1930<br> CVE-2016-1931<br> CVE-2016-1933<br> CVE-2016-1935<br> CVE-2016-1937<br> CVE-2016-1939<br> CVE-2016-1942<br> CVE-2016-1943<br> CVE-2016-1944<br> CVE-2016-1945<br> CVE-2016-1946<br> CVE-2016-1947<br> https://www.mozilla.org/security/advisories/mfsa2016-01/<br> https://www.mozilla.org/security/advisories/mfsa2016-02/<br> https://www.mozilla.org/security/advisories/mfsa2016-03/<br> https://www.mozilla.org/security/advisories/mfsa2016-04/<br> https://www.mozilla.org/security/advisories/mfsa2016-06/<br> https://www.mozilla.org/security/advisories/mfsa2016-09/<br> https://www.mozilla.org/security/advisories/mfsa2016-10/<br> https://www.mozilla.org/security/advisories/mfsa2016-11/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c4f067b9-dc4a-11df-8e32-000f20797ede.html">c4f067b9-dc4a-11df-8e32-000f20797ede</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)</p> <p>MFSA 2010-65 Buffer overflow and memory corruption using document.write</p> <p>MFSA 2010-66 Use-after-free error in nsBarProp</p> <p>MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter</p> <p>MFSA 2010-68 XSS in gopher parser when parsing hrefs</p> <p>MFSA 2010-69 Cross-site information disclosure via modal calls</p> <p>MFSA 2010-70 SSL wildcard certificate matching IP addresses</p> <p>MFSA 2010-71 Unsafe library loading vulnerabilities</p> <p>MFSA 2010-72 Insecure Diffie-Hellman key exchange</p> </blockquote> <br>Discovery 2010-10-19<br>Entry 2010-10-20<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 3.6.,1 lt 3.6.11,1</blockquote><br> <blockquote>gt 3.5.,1 lt 3.5.14,1</blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 1.9.2.11</blockquote><br> linux-firefox<br> <blockquote>< 3.6.11,1 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.5.14 </blockquote><br> seamonkey<br> <blockquote>gt 2.0.* lt 2.0.9</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>ge 3.0 lt 3.0.9</blockquote><br> <blockquote>ge 3.1 lt 3.1.5</blockquote><br> CVE-2010-3170<br> CVE-2010-3173<br> CVE-2010-3174<br> CVE-2010-3175<br> CVE-2010-3176<br> CVE-2010-3177<br> CVE-2010-3178<br> CVE-2010-3179<br> CVE-2010-3180<br> CVE-2010-3181<br> CVE-2010-3182<br> CVE-2010-3183<br> http://www.mozilla.org/security/announce/2010/mfsa2010-64.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-65.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-66.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-67.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-68.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-69.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-70.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-71.html<br> http://www.mozilla.org/security/announce/2010/mfsa2010-72.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1098a15b-b0f6-42b7-b5c7-8a8646e8be07.html">1098a15b-b0f6-42b7-b5c7-8a8646e8be07</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/"> <p>CVE-2017-7793: Use-after-free with Fetch API</p> <p>CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode</p> <p>CVE-2017-7818: Use-after-free during ARIA array manipulation</p> <p>CVE-2017-7819: Use-after-free while resizing images in design mode</p> <p>CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE</p> <p>CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes</p> <p>CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files</p> <p>CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings</p> <p>CVE-2017-7813: Integer truncation in the JavaScript parser</p> <p>CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces</p> <p>CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations</p> <p>CVE-2017-7816: WebExtensions can load about: URLs in extension UI</p> <p>CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction</p> <p>CVE-2017-7823: CSP sandbox directive did not create a unique origin</p> <p>CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV</p> <p>CVE-2017-7820: Xray wrapper bypass with new tab and web console</p> <p>CVE-2017-7811: Memory safety bugs fixed in Firefox 56</p> <p>CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4</p> </blockquote> <br>Discovery 2017-09-28<br>Entry 2017-09-29<br>Modified 2017-10-03<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 56.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.4.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.4.0 </blockquote><br> CVE-2017-7793<br> CVE-2017-7805<br> CVE-2017-7810<br> CVE-2017-7811<br> CVE-2017-7812<br> CVE-2017-7813<br> CVE-2017-7814<br> CVE-2017-7815<br> CVE-2017-7816<br> CVE-2017-7817<br> CVE-2017-7818<br> CVE-2017-7819<br> CVE-2017-7820<br> CVE-2017-7821<br> CVE-2017-7822<br> CVE-2017-7823<br> CVE-2017-7824<br> CVE-2017-7825<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7ae61870-9dd2-4884-a2f2-f19bb5784d09.html">7ae61870-9dd2-4884-a2f2-f19bb5784d09</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data</p> <p>MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory</p> <p>MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer</p> <p>MFSA-2014-88 Buffer overflow while parsing media content</p> <p>MFSA-2014-87 Use-after-free during HTML5 parsing</p> <p>MFSA-2014-86 CSP leaks redirect data via violation reports</p> <p>MFSA-2014-85 XMLHttpRequest crashes with some input streams</p> <p>MFSA-2014-84 XBL bindings accessible via improper CSS declarations</p> <p>MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)</p> </blockquote> <br>Discovery 2014-12-01<br>Entry 2014-12-02<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 34.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 34.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.31 </blockquote><br> linux-thunderbird<br> <blockquote>< 31.3.0 </blockquote><br> seamonkey<br> <blockquote>< 2.31 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.3.0 </blockquote><br> libxul<br> <blockquote>< 31.3.0 </blockquote><br> <a href="/security/nss/">nss<br> </a><blockquote>< 3.17.3 </blockquote><br> CVE-2014-1587<br> CVE-2014-1588<br> CVE-2014-1589<br> CVE-2014-1590<br> CVE-2014-1591<br> CVE-2014-1592<br> CVE-2014-1593<br> CVE-2014-1594<br> CVE-2014-1595<br> CVE-2014-1569<br> https://www.mozilla.org/security/advisories/mfsa2014-83<br> https://www.mozilla.org/security/advisories/mfsa2014-84<br> https://www.mozilla.org/security/advisories/mfsa2014-85<br> https://www.mozilla.org/security/advisories/mfsa2014-86<br> https://www.mozilla.org/security/advisories/mfsa2014-87<br> https://www.mozilla.org/security/advisories/mfsa2014-88<br> https://www.mozilla.org/security/advisories/mfsa2014-89<br> https://www.mozilla.org/security/advisories/mfsa2014-90<br> https://www.mozilla.org/security/advisories/<br> </td></tr> </table> </body> </html>