FreshPorts - VuXML

The Mozilla Project reports:

MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true

MFSA 2011-03 Use-after-free error in JSON.stringify

MFSA 2011-04 Buffer overflow in JavaScript upvarMap

MFSA 2011-05 Buffer overflow in JavaScript atom map

MFSA 2011-06 Use-after-free error using Web Workers

MFSA 2011-07 Memory corruption during text run construction (Windows)

MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents

MFSA 2011-09 Crash caused by corrupted JPEG image

MFSA 2011-10 CSRF risk with plugins and 307 redirects

gt 3.6.*,1 lt 3.6.14,1

gt 3.5.*,1 lt 3.5.17,1

gt 1.9.2.* lt 1.9.2.14

< 3.6.14,1

< 3.5.17

gt 2.0.* lt 2.0.12

ge 3.1 lt 3.1.8

gt 2.0.* lt 2.0.12

< 3.1.8

The Mozilla Project reports:

MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)

MFSA 2015-97 Memory leak in mozTCPSocket to servers

MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes

MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme

MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater

MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video

MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript

MFSA 2015-103 URL spoofing in reader mode

MFSA 2015-104 Use-after-free with shared workers and IndexedDB

MFSA 2015-105 Buffer overflow while decoding WebM video

MFSA 2015-106 Use-after-free while manipulating HTML media content

MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems

MFSA 2015-108 Scripted proxies can access inner window

MFSA 2015-109 JavaScript immutable property enforcement can be bypassed

MFSA 2015-110 Dragging and dropping images exposes final URL after redirects

MFSA 2015-111 Errors in the handling of CORS preflight request headers

MFSA 2015-112 Vulnerabilities found through code inspection

MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library

MFSA 2015-114 Information disclosure via the High Resolution Time API

< 41.0,1

< 41.0,1

< 2.38

< 2.38

< 38.3.0,1

< 38.3.0

< 38.3.0

< 38.3.0

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -