FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
888a0262-f0d9-11e3-ba0c-b4b52fce4ce8mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer

MFSA 2014-51 Use-after-free in Event Listener Manager

MFSA 2014-52 Use-after-free with SMIL Animation Controller

MFSA 2014-53 Buffer overflow in Web Audio Speex resampler

MFSA 2014-54 Buffer overflow in Gamepad API

MFSA 2014-55 Out of bounds write in NSPR


Discovery 2014-06-10
Entry 2014-06-10
firefox
lt 30.0,1

firefox-esr
lt 24.6.0,1

seamonkey
lt 2.26.1

linux-firefox
lt 30.0,1

linux-seamonkey
lt 2.26.1

linux-thunderbird
lt 24.6.0

nspr
lt 4.10.6

thunderbird
lt 24.6.0

CVE-2014-1533
CVE-2014-1534
CVE-2014-1536
CVE-2014-1537
CVE-2014-1540
CVE-2014-1541
CVE-2014-1542
CVE-2014-1543
CVE-2014-1545
https://www.mozilla.org/security/announce/2014/mfsa2014-48.html
https://www.mozilla.org/security/announce/2014/mfsa2014-49.html
https://www.mozilla.org/security/announce/2014/mfsa2014-51.html
https://www.mozilla.org/security/announce/2014/mfsa2014-52.html
https://www.mozilla.org/security/announce/2014/mfsa2014-53.html
https://www.mozilla.org/security/announce/2014/mfsa2014-54.html
https://www.mozilla.org/security/announce/2014/mfsa2014-55.html
380e8c56-8e32-11e1-9580-4061862b8c22mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)

MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9

MFSA 2012-22 use-after-free in IDBKeyRange

MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface

MFSA 2012-24 Potential XSS via multibyte content processing errors

MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite

MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error

MFSA 2012-27 Page load short-circuit can lead to XSS

MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions

MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues

MFSA 2012-30 Crash with WebGL content using textImage2D

MFSA 2012-31 Off-by-one error in OpenType Sanitizer

MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors

MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds


Discovery 2012-04-24
Entry 2012-04-24
firefox
gt 11.0,1 lt 12.0,1

lt 10.0.4,1

linux-firefox
lt 10.0.4,1

linux-seamonkey
lt 2.9

linux-thunderbird
lt 10.0.4

seamonkey
lt 2.9

thunderbird
gt 11.0 lt 12.0

lt 10.0.4

libxul
gt 1.9.2.* lt 10.0.4

CVE-2011-1187
CVE-2011-3062
CVE-2012-0467
CVE-2012-0468
CVE-2012-0469
CVE-2012-0470
CVE-2012-0471
CVE-2012-0472
CVE-2012-0473
CVE-2012-0474
CVE-2012-0475
CVE-2012-0477
CVE-2012-0478
CVE-2012-0479
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
http://www.mozilla.org/security/announce/2012/mfsa2012-20.html
http://www.mozilla.org/security/announce/2012/mfsa2012-21.html
http://www.mozilla.org/security/announce/2012/mfsa2012-22.html
http://www.mozilla.org/security/announce/2012/mfsa2012-23.html
http://www.mozilla.org/security/announce/2012/mfsa2012-24.html
http://www.mozilla.org/security/announce/2012/mfsa2012-25.html
http://www.mozilla.org/security/announce/2012/mfsa2012-26.html
http://www.mozilla.org/security/announce/2012/mfsa2012-27.html
http://www.mozilla.org/security/announce/2012/mfsa2012-28.html
http://www.mozilla.org/security/announce/2012/mfsa2012-29.html
http://www.mozilla.org/security/announce/2012/mfsa2012-30.html
http://www.mozilla.org/security/announce/2012/mfsa2012-31.html
http://www.mozilla.org/security/announce/2012/mfsa2012-32.html
http://www.mozilla.org/security/announce/2012/mfsa2012-33.html
103bf96a-6211-45ab-b567-1555ebb3a86afirefox -- Arbitrary code execution through unsanitized browser UI

The Mozilla Foundation reports:

Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution.


Discovery 2018-01-29
Entry 2018-01-29
Modified 2018-01-31
firefox
lt 58.0.1,1

waterfox
lt 56.0.3.65

https://bugzilla.mozilla.org/show_bug.cgi?id=1432966
172b22cb-d3f6-11e5-ac9e-485d605f4717firefox -- Same-origin-policy violation using Service Workers with plugins

The Mozilla Foundation reports:

MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests. For example, a forged crossdomain.xml could allow a malicious site to violate the same-origin policy using the Flash plugin.


Discovery 2016-02-11
Entry 2016-02-15
firefox
lt 44.0.2,1

linux-firefox
lt 44.0.2,1

CVE-2016-1949
https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/
4f00dac0-1e18-4481-95af-7aaad63fd303mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)

MFSA 2016-02 Out of Memory crash when parsing GIF format images

MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation

MFSA 2016-04 Firefox allows for control characters to be set in cookie names

MFSA 2016-06 Missing delay following user click events in protocol handler dialog

MFSA 2016-09 Addressbar spoofing attacks

MFSA 2016-10 Unsafe memory manipulation found through code inspection

MFSA 2016-11 Application Reputation service disabled in Firefox 43


Discovery 2016-01-26
Entry 2016-02-01
Modified 2016-03-08
firefox
linux-firefox
lt 44.0,1

seamonkey
linux-seamonkey
lt 2.41

firefox-esr
lt 38.6.0,1

libxul
thunderbird
linux-thunderbird
lt 38.6.0

CVE-2015-7208
CVE-2016-1930
CVE-2016-1931
CVE-2016-1933
CVE-2016-1935
CVE-2016-1937
CVE-2016-1939
CVE-2016-1942
CVE-2016-1943
CVE-2016-1944
CVE-2016-1945
CVE-2016-1946
CVE-2016-1947
https://www.mozilla.org/security/advisories/mfsa2016-01/
https://www.mozilla.org/security/advisories/mfsa2016-02/
https://www.mozilla.org/security/advisories/mfsa2016-03/
https://www.mozilla.org/security/advisories/mfsa2016-04/
https://www.mozilla.org/security/advisories/mfsa2016-06/
https://www.mozilla.org/security/advisories/mfsa2016-09/
https://www.mozilla.org/security/advisories/mfsa2016-10/
https://www.mozilla.org/security/advisories/mfsa2016-11/
d10b49b2-8d02-49e8-afde-0844626317afmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module

CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11

CVE-2018-18492: Use-after-free with select element

CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia

CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

CVE-2018-18495: WebExtension content scripts can be loaded in about: pages

CVE-2018-18496: Embedded feed preview page can be abused for clickjacking

CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators

CVE-2018-18498: Integer overflow when calculating buffer sizes for images

CVE-2018-12406: Memory safety bugs fixed in Firefox 64

CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4


Discovery 2018-12-11
Entry 2018-12-11
Modified 2019-07-23
firefox
lt 64.0_3,1

waterfox
lt 56.2.6

seamonkey
linux-seamonkey
lt 2.53.0

firefox-esr
lt 60.4.0,1

linux-firefox
lt 60.4.0,2

libxul
thunderbird
linux-thunderbird
lt 60.4.0

CVE-2018-12405
CVE-2018-12406
CVE-2018-12407
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18495
CVE-2018-18496
CVE-2018-18497
CVE-2018-18498
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/
2c57c47e-8bb3-4694-83c8-9fc3abad3964mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -