FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| 49beb00f-a6e1-4a42-93df-9cb14b4c2bee | Mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2019-11707: Type confusion in Array.pop
A type confusion vulnerability can occur when manipulating
JavaScript objects due to issues in Array.pop. This can allow
for an exploitable crash. We are aware of targeted attacks in
the wild abusing this flaw.
CVE-2019-11708: sandbox escape using Prompt:Open
Insufficient vetting of parameters passed with the
Prompt:Open IPC message between child and parent processes can
result in the non-sandboxed parent process opening web content
chosen by a compromised child process. When combined with
additional vulnerabilities this could result in executing
arbitrary code on the user's computer.
Discovery 2019-06-20
Entry 2019-06-21
thunderbird
< thunderbird-60.7.2
https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/
CVE-2019-11707
CVE-2019-11708
|