FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c4f39920-781f-4aeb-b6af-17ed566c4272	mozilla -- multiple vulnerabilities Mozilla Foundation reports: CVE-2018-12386: Type confusion in JavaScript A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. CVE-2018-12387: A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Discovery 2018-10-02 Entry 2018-10-02 Modified 2019-07-23 firefox < 62.0.3,1 waterfox < 56.2.4 seamonkey linux-seamonkey < 2.53.0 firefox-esr < 60.2.2,1 linux-firefox < 60.2.2,2 libxul thunderbird linux-thunderbird < 60.2.2 CVE-2018-12386 CVE-2018-12387 https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
05da6b56-3e66-4306-9ea3-89fafe939726	mozilla -- multiple vulnerabilities Mozilla Foundation reports: CVE-2019-9790: Use-after-free when removing in-use DOM elements CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled CVE-2019-9794: Command line arguments not discarded during execution CVE-2019-9795: Type-confusion in IonMonkey JIT compiler CVE-2019-9796: Use-after-free with SMIL animation controller CVE-2019-9797: Cross-origin theft of images with createImageBitmap CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location CVE-2019-9799: Information disclosure via IPC channel messages CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content CVE-2019-9802: Chrome process information leak CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS CVE-2019-9805: Potential use of uninitialized memory in Prio CVE-2019-9806: Denial of service through successive FTP authorization prompts CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages CVE-2019-9809: Denial of service through FTP modal alert error messages CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs CVE-2019-9789: Memory safety bugs fixed in Firefox 66 CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 Discovery 2019-03-19 Entry 2019-03-19 Modified 2019-07-23 firefox < 66.0_3,1 waterfox < 56.2.9 seamonkey linux-seamonkey < 2.53.0 firefox-esr < 60.6.0,1 linux-firefox < 60.6.0,2 libxul thunderbird linux-thunderbird < 60.6.0 CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9797 CVE-2019-9798 CVE-2019-9799 CVE-2019-9801 CVE-2019-9802 CVE-2019-9803 CVE-2019-9804 CVE-2019-9805 CVE-2019-9806 CVE-2019-9807 CVE-2019-9808 CVE-2019-9809 https://www.mozilla.org/security/advisories/mfsa2019-07/ https://www.mozilla.org/security/advisories/mfsa2019-08/
44b6dfbf-4ef7-4d52-ad52-2b1b05d81272	mozilla -- multiple vulnerabilities Mozilla Foundation reports: CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server CVE-2019-9819: Compartment mismatch with fetch API CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell CVE-2019-9821: Use-after-free in AssertWorkerThread CVE-2019-11691: Use-after-free in XMLHttpRequest CVE-2019-11692: Use-after-free removing listeners in the event listener manager CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux CVE-2019-7317: Use-after-free in png_image_free of libpng library CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox CVE-2019-11695: Custom cursor can render over user interface outside of web content CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks CVE-2019-11700: res: protocol can be used to open known local files CVE-2019-11699: Incorrect domain name highlighting during page navigation CVE-2019-11701: webcal: protocol default handler loads vulnerable web page CVE-2019-9814: Memory safety bugs fixed in Firefox 67 CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 Discovery 2019-05-21 Entry 2019-05-22 Modified 2019-07-23 firefox < 67.0,1 waterfox < 56.2.10 seamonkey linux-seamonkey < 2.53.0 firefox-esr < 60.7.0,1 linux-firefox < 60.7.0,2 libxul thunderbird linux-thunderbird < 60.7.0 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 CVE-2019-9821 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-7317 CVE-2019-11694 CVE-2019-11695 CVE-2019-11696 CVE-2019-11697 CVE-2019-11698 CVE-2019-11700 CVE-2019-11699 CVE-2019-11701 CVE-2019-9814 CVE-2019-9800 https://www.mozilla.org/security/advisories/mfsa2019-13/ https://www.mozilla.org/security/advisories/mfsa2019-14/ https://www.mozilla.org/security/advisories/mfsa2019-15/
18f39fb6-7400-4063-acaf-0806e92c094f	Mozilla -- SVG Animation Remote Code Execution The Mozilla Foundation reports: A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. Discovery 2016-11-30 Entry 2016-12-01 Modified 2016-12-16 firefox < 50.0.2,1 firefox-esr < 45.5.1,1 linux-firefox < 45.5.1,2 seamonkey < 2.46 linux-seamonkey < 2.46 libxul < 45.5.1 thunderbird < 45.5.1 linux-thunderbird < 45.5.1 CVE-2016-9079 https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
23f59689-0152-42d3-9ade-1658d6380567	mozilla -- use-after-free in compositor The Mozilla Foundation reports: CVE-2018-5148: Use-after-free in compositor A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. Discovery 2018-03-26 Entry 2018-03-27 Modified 2018-03-31 firefox < 59.0.2,1 waterfox < 56.0.4.36_3 seamonkey linux-seamonkey < 2.49.3 firefox-esr < 52.7.3,1 linux-firefox < 52.7.3,2 libxul < 52.7.3 linux-thunderbird < 52.7.1 thunderbird < 52.7.0_1 CVE-2018-5148 https://www.mozilla.org/security/advisories/mfsa2018-10/
6cec1b0a-da15-467d-8691-1dea392d4c8d	mozilla -- multiple vulnerabilities Mozilla Foundation reports: Please reference CVE/URL list for details Discovery 2017-06-13 Entry 2017-06-13 Modified 2017-09-19 firefox < 54.0,1 seamonkey linux-seamonkey < 2.49.1 firefox-esr < 52.2.0,1 linux-firefox < 52.2.0,2 libxul thunderbird linux-thunderbird < 52.2.0 CVE-2017-5470 CVE-2017-5471 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7759 CVE-2017-7760 CVE-2017-7761 CVE-2017-7762 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7766 CVE-2017-7767 CVE-2017-7768 CVE-2017-7778 https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
aa1aefe3-6e37-47db-bfda-343ef4acb1b5	Mozilla -- multiple vulnerabilities Mozilla Foundation reports: Please reference CVE/URL list for details Discovery 2016-08-02 Entry 2016-09-07 Modified 2016-09-20 firefox < 48.0,1 seamonkey linux-seamonkey < 2.45 firefox-esr < 45.3.0,1 linux-firefox < 45.3.0,2 libxul thunderbird linux-thunderbird < 45.3.0 CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5253 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5267 CVE-2016-5268 https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
7943794f-707f-4e31-9fea-3bbf1ddcedc1	mozilla -- multiple vulnerabilities The Mozilla Foundation reports: CVE-2018-5146: Out of bounds memory write in libvorbis An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. CVE-2018-5147: Out of bounds memory write in libtremor The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. Discovery 2018-03-16 Entry 2018-03-16 Modified 2018-03-31 libvorbis < 1.3.6,3 libtremor < 1.2.1.s20180316 firefox < 59.0.1,1 waterfox < 56.0.4.36_3 seamonkey linux-seamonkey < 2.49.3 firefox-esr < 52.7.2,1 linux-firefox < 52.7.2,2 libxul < 52.7.3 thunderbird linux-thunderbird < 52.7.0 CVE-2018-5146 CVE-2018-5147 https://www.mozilla.org/security/advisories/mfsa2018-08/ https://www.mozilla.org/security/advisories/mfsa2018-09/
2c57c47e-8bb3-4694-83c8-9fc3abad3964	mozilla -- multiple vulnerabilities Mozilla Foundation reports: CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low] CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical] CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical] CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high] CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low] CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high] CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high] CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high] CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical] CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high] CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high] CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical] CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate] CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high] CVE-2016-5281 - use-after-free in DOMSVGLength [high] CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate] CVE-2016-5283 - fragment timing attack can reveal cross-origin data [high]</p> <p>CVE-2016-5284 - Add-on update site certificate pin expiration [high]</p> </blockquote> <br>Discovery 2016-09-13<br>Entry 2016-09-20<br>Modified 2016-10-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 49.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.46 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.4.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.4.0 </blockquote><br> CVE-2016-2827<br> CVE-2016-5256<br> CVE-2016-5257<br> CVE-2016-5270<br> CVE-2016-5271<br> CVE-2016-5272<br> CVE-2016-5273<br> CVE-2016-5274<br> CVE-2016-5275<br> CVE-2016-5276<br> CVE-2016-5277<br> CVE-2016-5278<br> CVE-2016-5279<br> CVE-2016-5280<br> CVE-2016-5281<br> CVE-2016-5282<br> CVE-2016-5283<br> CVE-2016-5284<br> https://www.mozilla.org/security/advisories/mfsa2016-85/<br> https://www.mozilla.org/security/advisories/mfsa2016-86/<br> https://www.mozilla.org/security/advisories/mfsa2016-88/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c71cdc95-3c18-45b7-866a-af28b59aabb5.html">c71cdc95-3c18-45b7-866a-af28b59aabb5</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/"> <p>CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList</p> <p>CVE-2018-5128: Use-after-free manipulating editor selection ranges</p> <p>CVE-2018-5129: Out-of-bounds write with malformed IPC messages</p> <p>CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption</p> <p>CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources</p> <p>CVE-2018-5132: WebExtension Find API can search privileged pages</p> <p>CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized</p> <p>CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions</p> <p>CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts</p> <p>CVE-2018-5136: Same-origin policy violation with data: URL shared workers</p> <p>CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources</p> <p>CVE-2018-5138: Android Custom Tab address spoofing through long domain names</p> <p>CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol</p> <p>CVE-2018-5141: DOS attack through notifications Push API</p> <p>CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs</p> <p>CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar</p> <p>CVE-2018-5126: Memory safety bugs fixed in Firefox 59</p> <p>CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7</p> </blockquote> <br>Discovery 2018-03-13<br>Entry 2018-03-13<br>Modified 2018-03-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 59.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.4.36_3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.3 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.7.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.7.0 </blockquote><br> CVE-2018-5125<br> CVE-2018-5126<br> CVE-2018-5127<br> CVE-2018-5128<br> CVE-2018-5129<br> CVE-2018-5130<br> CVE-2018-5131<br> CVE-2018-5132<br> CVE-2018-5133<br> CVE-2018-5134<br> CVE-2018-5135<br> CVE-2018-5136<br> CVE-2018-5137<br> CVE-2018-5138<br> CVE-2018-5140<br> CVE-2018-5141<br> CVE-2018-5142<br> CVE-2018-5143<br> https://www.mozilla.org/security/advisories/mfsa2018-06/<br> https://www.mozilla.org/security/advisories/mfsa2018-07/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7c3a02b9-3273-4426-a0ba-f90fad2ff72e.html">7c3a02b9-3273-4426-a0ba-f90fad2ff72e</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/"> <p>CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin</p> <p>CVE-2018-12392: Crash with nested event loops</p> <p>CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript</p> <p>CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting</p> <p>CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts</p> <p>CVE-2018-12397:</p> <p>CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs</p> <p>CVE-2018-12399: Spoofing of protocol registration notification bar</p> <p>CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android</p> <p>CVE-2018-12401: DOS attack through special resource URI parsing</p> <p>CVE-2018-12402: SameSite cookies leak when pages are explicitly saved</p> <p>CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP</p> <p>CVE-2018-12388: Memory safety bugs fixed in Firefox 63</p> <p>CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3</p> </blockquote> <br>Discovery 2018-10-23<br>Entry 2018-10-23<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 63.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.5 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.3.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.3.0 </blockquote><br> CVE-2018-12388<br> CVE-2018-12390<br> CVE-2018-12391<br> CVE-2018-12392<br> CVE-2018-12393<br> CVE-2018-12395<br> CVE-2018-12396<br> CVE-2018-12397<br> CVE-2018-12398<br> CVE-2018-12399<br> CVE-2018-12400<br> CVE-2018-12401<br> CVE-2018-12402<br> CVE-2018-12403<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/f78eac48-c3d1-4666-8de5-63ceea25a578.html">f78eac48-c3d1-4666-8de5-63ceea25a578</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/"> <p>CVE-2017-7828: Use-after-free of PressShell while restyling layout</p> <p>CVE-2017-7830: Cross-origin URL information leak through Resource Timing API</p> <p>CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects</p> <p>CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers</p> <p>CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters</p> <p>CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections</p> <p>CVE-2017-7835: Mixed content blocking incorrectly applies with redirects</p> <p>CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X</p> <p>CVE-2017-7837: SVG loaded as <img> can use meta tags to set cookies</p> <p>CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN</p> <p>CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism</p> <p>CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags</p> <p>CVE-2017-7842: Referrer Policy is not always respected for <link> elements</p> <p>CVE-2017-7827: Memory safety bugs fixed in Firefox 57</p> <p>CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5</p> </blockquote> <br>Discovery 2017-11-14<br>Entry 2017-11-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 56.0.2_10,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.2 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.5.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.5.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.5.0 </blockquote><br> CVE-2017-7826<br> CVE-2017-7827<br> CVE-2017-7828<br> CVE-2017-7830<br> CVE-2017-7831<br> CVE-2017-7832<br> CVE-2017-7833<br> CVE-2017-7834<br> CVE-2017-7835<br> CVE-2017-7836<br> CVE-2017-7837<br> CVE-2017-7838<br> CVE-2017-7839<br> CVE-2017-7840<br> CVE-2017-7842<br> https://www.mozilla.org/security/advisories/mfsa2017-24/<br> https://www.mozilla.org/security/advisories/mfsa2017-25/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d1853110-07f4-4645-895b-6fd462ad0589.html">d1853110-07f4-4645-895b-6fd462ad0589</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2016-11-15<br>Entry 2016-11-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 50.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.47 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.5.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.5.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.5.0 </blockquote><br> CVE-2016-5289<br> CVE-2016-5290<br> CVE-2016-5291<br> CVE-2016-5292<br> CVE-2016-5293<br> CVE-2016-5294<br> CVE-2016-5295<br> CVE-2016-5296<br> CVE-2016-5297<br> CVE-2016-5298<br> CVE-2016-5299<br> CVE-2016-9061<br> CVE-2016-9062<br> CVE-2016-9063<br> CVE-2016-9064<br> CVE-2016-9065<br> CVE-2016-9066<br> CVE-2016-9067<br> CVE-2016-9068<br> CVE-2016-9070<br> CVE-2016-9071<br> CVE-2016-9072<br> CVE-2016-9073<br> CVE-2016-9074<br> CVE-2016-9075<br> CVE-2016-9076<br> CVE-2016-9077<br> https://www.mozilla.org/security/advisories/mfsa2016-89/<br> https://www.mozilla.org/security/advisories/mfsa2016-90/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/96eca031-1313-4daf-9be2-9d6e1c4f1eb5.html">96eca031-1313-4daf-9be2-9d6e1c4f1eb5</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-03-07<br>Entry 2017-03-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 52.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 46.0,1 lt 52.0,1</blockquote><br> <blockquote>< 45.8.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>ge 46.0,2 lt 52.0,2</blockquote><br> <blockquote>< 45.8.0_1,2 </blockquote><br> libxul<br> <blockquote>ge 46.0 lt 52.0</blockquote><br> <blockquote>< 45.8.0_1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 46.0 lt 52.0</blockquote><br> <blockquote>< 45.8.0 </blockquote><br> CVE-2017-5400<br> CVE-2017-5401<br> CVE-2017-5402<br> CVE-2017-5403<br> CVE-2017-5404<br> CVE-2017-5406<br> CVE-2017-5407<br> CVE-2017-5410<br> CVE-2017-5411<br> CVE-2017-5409<br> CVE-2017-5408<br> CVE-2017-5412<br> CVE-2017-5413<br> CVE-2017-5414<br> CVE-2017-5415<br> CVE-2017-5416<br> CVE-2017-5417<br> CVE-2017-5425<br> CVE-2017-5426<br> CVE-2017-5427<br> CVE-2017-5418<br> CVE-2017-5419<br> CVE-2017-5420<br> CVE-2017-5405<br> CVE-2017-5421<br> CVE-2017-5422<br> CVE-2017-5399<br> CVE-2017-5398<br> https://www.mozilla.org/security/advisories/mfsa2017-05/<br> https://www.mozilla.org/security/advisories/mfsa2017-06/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/cd81806c-26e7-4d4a-8425-02724a2f48af.html">cd81806c-26e7-4d4a-8425-02724a2f48af</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/"> <p>CVE-2018-12359: Buffer overflow using computed size of canvas element</p> <p>CVE-2018-12360: Use-after-free when using focus()</p> <p>CVE-2018-12361: Integer overflow in SwizzleData</p> <p>CVE-2018-12358: Same-origin bypass using service worker and redirection</p> <p>CVE-2018-12362: Integer overflow in SSSE3 scaler</p> <p>CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture</p> <p>CVE-2018-12363: Use-after-free when appending DOM nodes</p> <p>CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins</p> <p>CVE-2018-12365: Compromised IPC child process can list local filenames</p> <p>CVE-2018-12371: Integer overflow in Skia library during edge builder allocation</p> <p>CVE-2018-12366: Invalid data handling during QCMS transformations</p> <p>CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming</p> <p>CVE-2018-12368: No warning when opening executable SettingContent-ms files</p> <p>CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments</p> <p>CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View</p> <p>CVE-2018-5186: Memory safety bugs fixed in Firefox 61</p> <p>CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1</p> <p>CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9</p> </blockquote> <br>Discovery 2018-06-26<br>Entry 2018-06-26<br>Modified 2018-07-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 61.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.1.19_2 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.4 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 60.0,1 lt 60.1.0_1,1</blockquote><br> <blockquote>< 52.9.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.9.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.9.0 </blockquote><br> CVE-2018-12362<br> CVE-2018-5156<br> CVE-2018-5186<br> CVE-2018-5187<br> CVE-2018-5188<br> CVE-2018-12358<br> CVE-2018-12359<br> CVE-2018-12360<br> CVE-2018-12361<br> CVE-2018-12363<br> CVE-2018-12364<br> CVE-2018-12365<br> CVE-2018-12366<br> CVE-2018-12367<br> CVE-2018-12368<br> CVE-2018-12369<br> CVE-2018-12370<br> CVE-2018-12371<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b1f7d52f-fc42-48e8-8403-87d4c9d26229.html">b1f7d52f-fc42-48e8-8403-87d4c9d26229</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/"> <p>CVE-2018-18500: Use-after-free parsing HTML5 stream</p> <p>CVE-2018-18503: Memory corruption with Audio Buffer</p> <p>CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer</p> <p>CVE-2018-18505: Privilege escalation through IPC channel messages</p> <p>CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied</p> <p>CVE-2018-18502: Memory safety bugs fixed in Firefox 65</p> <p>CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5</p> </blockquote> <br>Discovery 2019-01-29<br>Entry 2019-01-29<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 65.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.7 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.5.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.5.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.5.0 </blockquote><br> CVE-2018-18500<br> CVE-2018-18501<br> CVE-2018-18502<br> CVE-2018-18503<br> CVE-2018-18504<br> CVE-2018-18505<br> CVE-2018-18506<br> https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5aefc41e-d304-4ec8-8c82-824f84f08244.html">5aefc41e-d304-4ec8-8c82-824f84f08244</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/"> <p>CVE-2018-5183: Backport critical security fixes in Skia</p> <p>CVE-2018-5154: Use-after-free with SVG animations and clip paths</p> <p>CVE-2018-5155: Use-after-free with SVG animations and text paths</p> <p>CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files</p> <p>CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer</p> <p>CVE-2018-5159: Integer overflow and out-of-bounds write in Skia</p> <p>CVE-2018-5160: Uninitialized memory use by WebRTC encoder</p> <p>CVE-2018-5152: WebExtensions information leak through webRequest API</p> <p>CVE-2018-5153: Out-of-bounds read in mixed content websocket messages</p> <p>CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache</p> <p>CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace</p> <p>CVE-2018-5166: WebExtension host permission bypass through filterReponseData</p> <p>CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger</p> <p>CVE-2018-5168: Lightweight themes can be installed without user interaction</p> <p>CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages</p> <p>CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer</p> <p>CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters</p> <p>CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update</p> <p>CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies</p> <p>CVE-2018-5176: JSON Viewer script injection</p> <p>CVE-2018-5177: Buffer overflow in XSLT during number formatting</p> <p>CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox</p> <p>CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension</p> <p>CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced</p> <p>CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink</p> <p>CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar</p> <p>CVE-2018-5151: Memory safety bugs fixed in Firefox 60</p> <p>CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8</p> </blockquote> <br>Discovery 2018-05-09<br>Entry 2018-05-09<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 60.0,1 </blockquote><br> waterfox<br> <blockquote>< 56.1.0_18 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.4 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.8.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.8.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.8.0 </blockquote><br> CVE-2018-5150<br> CVE-2018-5151<br> CVE-2018-5152<br> CVE-2018-5153<br> CVE-2018-5154<br> CVE-2018-5155<br> CVE-2018-5157<br> CVE-2018-5158<br> CVE-2018-5159<br> CVE-2018-5160<br> CVE-2018-5163<br> CVE-2018-5164<br> CVE-2018-5165<br> CVE-2018-5166<br> CVE-2018-5167<br> CVE-2018-5168<br> CVE-2018-5169<br> CVE-2018-5172<br> CVE-2018-5173<br> CVE-2018-5174<br> CVE-2018-5175<br> CVE-2018-5176<br> CVE-2018-5177<br> CVE-2018-5178<br> CVE-2018-5180<br> CVE-2018-5181<br> CVE-2018-5182<br> CVE-2018-5183<br> https://www.mozilla.org/security/advisories/mfsa2018-11/<br> https://www.mozilla.org/security/advisories/mfsa2018-12/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d10b49b2-8d02-49e8-afde-0844626317af.html">d10b49b2-8d02-49e8-afde-0844626317af</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/"> <p>CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module</p> <p>CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11</p> <p>CVE-2018-18492: Use-after-free with select element</p> <p>CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia</p> <p>CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs</p> <p>CVE-2018-18495: WebExtension content scripts can be loaded in about: pages</p> <p>CVE-2018-18496: Embedded feed preview page can be abused for clickjacking</p> <p>CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators</p> <p>CVE-2018-18498: Integer overflow when calculating buffer sizes for images</p> <p>CVE-2018-12406: Memory safety bugs fixed in Firefox 64</p> <p>CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4</p> </blockquote> <br>Discovery 2018-12-11<br>Entry 2018-12-11<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 64.0_3,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.6 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.4.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.4.0 </blockquote><br> CVE-2018-12405<br> CVE-2018-12406<br> CVE-2018-12407<br> CVE-2018-17466<br> CVE-2018-18492<br> CVE-2018-18493<br> CVE-2018-18494<br> CVE-2018-18495<br> CVE-2018-18496<br> CVE-2018-18497<br> CVE-2018-18498<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c96d416a-eae7-4d5d-bc84-40deca9329fb.html">c96d416a-eae7-4d5d-bc84-40deca9329fb</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/"> <p>CVE-2018-12377: Use-after-free in refresh driver timers</p> <p>CVE-2018-12378: Use-after-free in IndexedDB</p> <p>CVE-2018-12379: Out-of-bounds write with malicious MAR file</p> <p>CVE-2017-16541: Proxy bypass using automount and autofs</p> <p>CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation</p> <p>CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android</p> <p>CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords</p> <p>CVE-2018-12375: Memory safety bugs fixed in Firefox 62</p> <p>CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2</p> </blockquote> <br>Discovery 2018-09-05<br>Entry 2018-09-05<br>Modified 2018-09-15<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 62.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.5 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.2.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.2.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.2 </blockquote><br> CVE-2017-16541<br> CVE-2018-12375<br> CVE-2018-12376<br> CVE-2018-12377<br> CVE-2018-12378<br> CVE-2018-12379<br> CVE-2018-12381<br> CVE-2018-12382<br> CVE-2018-12383<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0592f49f-b3b8-4260-b648-d1718762656c.html">0592f49f-b3b8-4260-b648-d1718762656c</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/"> <p>CVE-2019-9811: Sandbox escape via installation of malicious language pack</p> <p>CVE-2019-11711: Script injection within domain through inner window reuse</p> <p>CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects</p> <p>CVE-2019-11713: Use-after-free with HTTP/2 cached stream</p> <p>CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread</p> <p>CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault</p> <p>CVE-2019-11715: HTML parsing error can contribute to content XSS</p> <p>CVE-2019-11716: globalThis not enumerable until accessed</p> <p>CVE-2019-11717: Caret character improperly escaped in origins</p> <p>CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML</p> <p>CVE-2019-11719: Out-of-bounds read when importing curve25519 private key</p> <p>CVE-2019-11720: Character encoding XSS vulnerability</p> <p>CVE-2019-11721: Domain spoofing through unicode latin 'kra' character</p> <p>CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin</p> <p>CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries</p> <p>CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions</p> <p>CVE-2019-11725: Websocket resources bypass safebrowsing protections</p> <p>CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3</p> <p>CVE-2019-11728: Port scanning through Alt-Svc header</p> <p>CVE-2019-11710: Memory safety bugs fixed in Firefox 68</p> <p>CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8</p> </blockquote> <br>Discovery 2019-07-09<br>Entry 2019-07-09<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 68.0_4,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.12 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.8.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.8.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.8.0 </blockquote><br> CVE-2019-11709<br> CVE-2019-11710<br> CVE-2019-11711<br> CVE-2019-11712<br> CVE-2019-11713<br> CVE-2019-11714<br> CVE-2019-11715<br> CVE-2019-11716<br> CVE-2019-11717<br> CVE-2019-11718<br> CVE-2019-11719<br> CVE-2019-11720<br> CVE-2019-11721<br> CVE-2019-11723<br> CVE-2019-11724<br> CVE-2019-11725<br> CVE-2019-11727<br> CVE-2019-11728<br> CVE-2019-11729<br> CVE-2019-11730<br> CVE-2019-9811<br> https://www.mozilla.org/security/advisories/mfsa2019-21/<br> https://www.mozilla.org/security/advisories/mfsa2019-22/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6.html">05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/"> <p>CVE-2019-11751: Malicious code execution through command line parameters</p> <p>CVE-2019-11746: Use-after-free while manipulating video</p> <p>CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML</p> <p>CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images</p> <p>CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service</p> <p>CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location</p> <p>CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB</p> <p>CVE-2019-9812: Sandbox escape through Firefox Sync</p> <p>CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com</p> <p>CVE-2019-11743: Cross-origin access to unload event attributes</p> <p>CVE-2019-11748: Persistence of WebRTC permissions in a third party context</p> <p>CVE-2019-11749: Camera information available without prompting using getUserMedia</p> <p>CVE-2019-5849: Out-of-bounds read in Skia</p> <p>CVE-2019-11750: Type confusion in Spidermonkey</p> <p>CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard</p> <p>CVE-2019-11738: Content security policy bypass through hash-based sources in directives</p> <p>CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list</p> <p>CVE-2019-11734: Memory safety bugs fixed in Firefox 69</p> <p>CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1</p> <p>CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9</p> </blockquote> <br>Discovery 2019-09-03<br>Entry 2019-09-03<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 69.0,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.14 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 61.0,1 lt 68.1.0,1</blockquote><br> <blockquote>< 60.9.0,1 </blockquote><br> linux-firefox<br> <blockquote>ge 61.0,2 lt 68.1.0,2</blockquote><br> <blockquote>< 60.9.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 61.0 lt 68.1.0</blockquote><br> <blockquote>< 60.9.0 </blockquote><br> CVE-2019-11734<br> CVE-2019-11735<br> CVE-2019-11736<br> CVE-2019-11737<br> CVE-2019-11738<br> CVE-2019-11740<br> CVE-2019-11741<br> CVE-2019-11742<br> CVE-2019-11743<br> CVE-2019-11744<br> CVE-2019-11746<br> CVE-2019-11747<br> CVE-2019-11748<br> CVE-2019-11749<br> CVE-2019-11750<br> CVE-2019-11751<br> CVE-2019-11752<br> CVE-2019-11753<br> CVE-2019-5849<br> CVE-2019-9812<br> https://www.mozilla.org/security/advisories/mfsa2019-25/<br> https://www.mozilla.org/security/advisories/mfsa2019-26/<br> https://www.mozilla.org/security/advisories/mfsa2019-27/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/555b244e-6b20-4546-851f-d8eb7d6c1ffa.html">555b244e-6b20-4546-851f-d8eb7d6c1ffa</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-08-08<br>Entry 2017-08-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 55.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.3.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.3.0 </blockquote><br> CVE-2017-7753<br> CVE-2017-7779<br> CVE-2017-7780<br> CVE-2017-7781<br> CVE-2017-7782<br> CVE-2017-7783<br> CVE-2017-7784<br> CVE-2017-7785<br> CVE-2017-7786<br> CVE-2017-7787<br> CVE-2017-7788<br> CVE-2017-7789<br> CVE-2017-7790<br> CVE-2017-7791<br> CVE-2017-7792<br> CVE-2017-7794<br> CVE-2017-7796<br> CVE-2017-7797<br> CVE-2017-7798<br> CVE-2017-7799<br> CVE-2017-7800<br> CVE-2017-7801<br> CVE-2017-7802<br> CVE-2017-7803<br> CVE-2017-7804<br> CVE-2017-7806<br> CVE-2017-7807<br> CVE-2017-7808<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e60169c4-aa86-46b0-8ae2-0d81f683df09.html">e60169c4-aa86-46b0-8ae2-0d81f683df09</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-01-24<br>Entry 2017-01-24<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 51.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.48 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.7.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.7.0 </blockquote><br> CVE-2017-5373<br> CVE-2017-5374<br> CVE-2017-5375<br> CVE-2017-5376<br> CVE-2017-5377<br> CVE-2017-5378<br> CVE-2017-5379<br> CVE-2017-5380<br> CVE-2017-5381<br> CVE-2017-5382<br> CVE-2017-5383<br> CVE-2017-5384<br> CVE-2017-5385<br> CVE-2017-5386<br> CVE-2017-5387<br> CVE-2017-5388<br> CVE-2017-5389<br> CVE-2017-5390<br> CVE-2017-5391<br> CVE-2017-5392<br> CVE-2017-5393<br> CVE-2017-5394<br> CVE-2017-5395<br> CVE-2017-5396<br> https://www.mozilla.org/security/advisories/mfsa2017-01/<br> https://www.mozilla.org/security/advisories/mfsa2017-02/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1098a15b-b0f6-42b7-b5c7-8a8646e8be07.html">1098a15b-b0f6-42b7-b5c7-8a8646e8be07</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/"> <p>CVE-2017-7793: Use-after-free with Fetch API</p> <p>CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode</p> <p>CVE-2017-7818: Use-after-free during ARIA array manipulation</p> <p>CVE-2017-7819: Use-after-free while resizing images in design mode</p> <p>CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE</p> <p>CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes</p> <p>CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files</p> <p>CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings</p> <p>CVE-2017-7813: Integer truncation in the JavaScript parser</p> <p>CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces</p> <p>CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations</p> <p>CVE-2017-7816: WebExtensions can load about: URLs in extension UI</p> <p>CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction</p> <p>CVE-2017-7823: CSP sandbox directive did not create a unique origin</p> <p>CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV</p> <p>CVE-2017-7820: Xray wrapper bypass with new tab and web console</p> <p>CVE-2017-7811: Memory safety bugs fixed in Firefox 56</p> <p>CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4</p> </blockquote> <br>Discovery 2017-09-28<br>Entry 2017-09-29<br>Modified 2017-10-03<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 56.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.4.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.4.0 </blockquote><br> CVE-2017-7793<br> CVE-2017-7805<br> CVE-2017-7810<br> CVE-2017-7811<br> CVE-2017-7812<br> CVE-2017-7813<br> CVE-2017-7814<br> CVE-2017-7815<br> CVE-2017-7816<br> CVE-2017-7817<br> CVE-2017-7818<br> CVE-2017-7819<br> CVE-2017-7820<br> CVE-2017-7821<br> CVE-2017-7822<br> CVE-2017-7823<br> CVE-2017-7824<br> CVE-2017-7825<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/512c0ffd-cd39-4da4-b2dc-81ff4ba8e238.html">512c0ffd-cd39-4da4-b2dc-81ff4ba8e238</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/"> <p>CVE-2016-9894: Buffer overflow in SkiaGL</p> <p>CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements</p> <p>CVE-2016-9895: CSP bypass using marquee tag</p> <p>CVE-2016-9896: Use-after-free with WebVR</p> <p>CVE-2016-9897: Memory corruption in libGLES</p> <p>CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees</p> <p>CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs</p> <p>CVE-2016-9904: Cross-origin information leak in shared atoms</p> <p>CVE-2016-9901: Data from Pocket server improperly sanitized before execution</p> <p>CVE-2016-9902: Pocket extension does not validate the origin of events</p> <p>CVE-2016-9903: XSS injection vulnerability in add-ons SDK</p> <p>CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1</p> <p>CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6</p> </blockquote> <br>Discovery 2016-12-13<br>Entry 2016-12-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 50.1.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.47 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.6.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.6.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.6.0 </blockquote><br> CVE-2016-9894<br> CVE-2016-9899<br> CVE-2016-9895<br> CVE-2016-9896<br> CVE-2016-9897<br> CVE-2016-9898<br> CVE-2016-9900<br> CVE-2016-9904<br> CVE-2016-9901<br> CVE-2016-9902<br> CVE-2016-9903<br> CVE-2016-9080<br> CVE-2016-9893<br> https://www.mozilla.org/security/advisories/mfsa2016-94/<br> https://www.mozilla.org/security/advisories/mfsa2016-95/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/a891c5b4-3d7a-4de9-9c71-eef3fd698c77.html">a891c5b4-3d7a-4de9-9c71-eef3fd698c77</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/"> <p>CVE-2018-5091: Use-after-free with DTMF timers</p> <p>CVE-2018-5092: Use-after-free in Web Workers</p> <p>CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing</p> <p>CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory</p> <p>CVE-2018-5095: Integer overflow in Skia library during edge builder allocation</p> <p>CVE-2018-5097: Use-after-free when source document is manipulated during XSLT</p> <p>CVE-2018-5098: Use-after-free while manipulating form input elements</p> <p>CVE-2018-5099: Use-after-free with widget listener</p> <p>CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory</p> <p>CVE-2018-5101: Use-after-free with floating first-letter style elements</p> <p>CVE-2018-5102: Use-after-free in HTML media elements</p> <p>CVE-2018-5103: Use-after-free during mouse event handling</p> <p>CVE-2018-5104: Use-after-free during font face manipulation</p> <p>CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts</p> <p>CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker</p> <p>CVE-2018-5107: Printing process will follow symlinks for local file access</p> <p>CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs</p> <p>CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution</p> <p>CVE-2018-5110: Cursor can be made invisible on OS X</p> <p>CVE-2018-5111: URL spoofing in addressbar through drag and drop</p> <p>CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel</p> <p>CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow</p> <p>CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts</p> <p>CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs</p> <p>CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access</p> <p>CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right</p> <p>CVE-2018-5118: Activity Stream images can attempt to load local content through file:</p> <p>CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers</p> <p>CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar</p> <p>CVE-2018-5122: Potential integer overflow in DoCrypt</p> <p>CVE-2018-5090: Memory safety bugs fixed in Firefox 58</p> <p>CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6</p> </blockquote> <br>Discovery 2018-01-23<br>Entry 2018-01-23<br>Modified 2018-01-29<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 58.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.3.63 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.2 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.6.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.6.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.6.0 </blockquote><br> CVE-2018-5089<br> CVE-2018-5090<br> CVE-2018-5091<br> CVE-2018-5092<br> CVE-2018-5093<br> CVE-2018-5094<br> CVE-2018-5095<br> CVE-2018-5097<br> CVE-2018-5098<br> CVE-2018-5099<br> CVE-2018-5100<br> CVE-2018-5101<br> CVE-2018-5102<br> CVE-2018-5103<br> CVE-2018-5104<br> CVE-2018-5105<br> CVE-2018-5106<br> CVE-2018-5107<br> CVE-2018-5108<br> CVE-2018-5109<br> CVE-2018-5110<br> CVE-2018-5111<br> CVE-2018-5112<br> CVE-2018-5113<br> CVE-2018-5114<br> CVE-2018-5115<br> CVE-2018-5116<br> CVE-2018-5117<br> CVE-2018-5118<br> CVE-2018-5119<br> CVE-2018-5121<br> CVE-2018-5122<br> https://www.mozilla.org/security/advisories/mfsa2018-02/<br> https://www.mozilla.org/security/advisories/mfsa2018-03/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5e0a038a-ca30-416d-a2f5-38cbf5e7df33.html">5e0a038a-ca30-416d-a2f5-38cbf5e7df33</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-04-19<br>Entry 2017-04-19<br>Modified 2017-09-19<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 53.0_2,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 46.0,1 lt 52.1.0_2,1</blockquote><br> <blockquote>< 45.9.0,1 </blockquote><br> linux-firefox<br> <blockquote>ge 46.0,2 lt 52.1.0,2</blockquote><br> <blockquote>< 45.9.0,2 </blockquote><br> libxul<br> <blockquote>ge 46.0 lt 52.1.0</blockquote><br> <blockquote>< 45.9.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 46.0 lt 52.1.0</blockquote><br> <blockquote>< 45.9.0 </blockquote><br> CVE-2017-5433<br> CVE-2017-5435<br> CVE-2017-5436<br> CVE-2017-5461<br> CVE-2017-5459<br> CVE-2017-5466<br> CVE-2017-5434<br> CVE-2017-5432<br> CVE-2017-5460<br> CVE-2017-5438<br> CVE-2017-5439<br> CVE-2017-5440<br> CVE-2017-5441<br> CVE-2017-5442<br> CVE-2017-5464<br> CVE-2017-5443<br> CVE-2017-5444<br> CVE-2017-5446<br> CVE-2017-5447<br> CVE-2017-5465<br> CVE-2017-5448<br> CVE-2017-5437<br> CVE-2017-5454<br> CVE-2017-5455<br> CVE-2017-5456<br> CVE-2017-5469<br> CVE-2017-5445<br> CVE-2017-5449<br> CVE-2017-5450<br> CVE-2017-5451<br> CVE-2017-5462<br> CVE-2017-5463<br> CVE-2017-5467<br> CVE-2017-5452<br> CVE-2017-5453<br> CVE-2017-5458<br> CVE-2017-5468<br> CVE-2017-5430<br> CVE-2017-5429<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/<br> </td></tr> </table> </body> </html>