FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
cd81806c-26e7-4d4a-8425-02724a2f48afmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12359: Buffer overflow using computed size of canvas element

CVE-2018-12360: Use-after-free when using focus()

CVE-2018-12361: Integer overflow in SwizzleData

CVE-2018-12358: Same-origin bypass using service worker and redirection

CVE-2018-12362: Integer overflow in SSSE3 scaler

CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture

CVE-2018-12363: Use-after-free when appending DOM nodes

CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins

CVE-2018-12365: Compromised IPC child process can list local filenames

CVE-2018-12371: Integer overflow in Skia library during edge builder allocation

CVE-2018-12366: Invalid data handling during QCMS transformations

CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming

CVE-2018-12368: No warning when opening executable SettingContent-ms files

CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments

CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View

CVE-2018-5186: Memory safety bugs fixed in Firefox 61

CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1

CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9


Discovery 2018-06-26
Entry 2018-06-26
Modified 2018-07-07
firefox
< 61.0_1,1

waterfox
< 56.2.1.19_2

seamonkey
linux-seamonkey
< 2.49.4

firefox-esr
ge 60.0,1 lt 60.1.0_1,1

< 52.9.0_1,1

linux-firefox
< 52.9.0,2

libxul
thunderbird
linux-thunderbird
< 52.9.0

CVE-2018-12362
CVE-2018-5156
CVE-2018-5186
CVE-2018-5187
CVE-2018-5188
CVE-2018-12358
CVE-2018-12359
CVE-2018-12360
CVE-2018-12361
CVE-2018-12363
CVE-2018-12364
CVE-2018-12365
CVE-2018-12366
CVE-2018-12367
CVE-2018-12368
CVE-2018-12369
CVE-2018-12370
CVE-2018-12371
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
237a201c-888b-487f-84d3-7d92266381d6mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-95 Add-on notification bypass through data URLs

MFSA 2015-94 Use-after-free when resizing canvas element during restyling


Discovery 2015-08-27
Entry 2015-08-28
firefox
< 40.0.3,1

linux-firefox
< 40.0.3,1

firefox-esr
< 38.2.1,1

CVE-2015-4497
CVE-2015-4498
https://www.mozilla.org/security/advisories/mfsa2015-94/
https://www.mozilla.org/security/advisories/mfsa2015-95/
1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

MFSA 2014-02 Clone protected content with XBL scopes

MFSA 2014-03 UI selection timeout missing on download prompts

MFSA 2014-04 Incorrect use of discarded images by RasterImage

MFSA 2014-05 Information disclosure with *FromPoint on iframes

MFSA 2014-06 Profile path leaks to Android system log

MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy

MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing

MFSA 2014-09 Cross-origin information leak through web workers

MFSA 2014-10 Firefox default start page UI content invokable by script

MFSA 2014-11 Crash when using web workers with asm.js

MFSA 2014-12 NSS ticket handling issues

MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects


Discovery 2014-02-04
Entry 2014-02-04
firefox
gt 25.0,1 lt 27.0,1

< 24.3.0,1

linux-firefox
< 27.0,1

linux-seamonkey
< 2.24

linux-thunderbird
< 24.3.0

seamonkey
< 2.24

thunderbird
< 24.3.0

CVE-2014-1477
CVE-2014-1478
CVE-2014-1479
CVE-2014-1480
CVE-2014-1481
CVE-2014-1482
CVE-2014-1483
CVE-2014-1484
CVE-2014-1485
CVE-2014-1486
CVE-2014-1487
CVE-2014-1488
CVE-2014-1489
CVE-2014-1490
CVE-2014-1491
https://www.mozilla.org/security/announce/2014/mfsa2014-01.html
https://www.mozilla.org/security/announce/2014/mfsa2014-02.html
https://www.mozilla.org/security/announce/2014/mfsa2014-03.html
https://www.mozilla.org/security/announce/2014/mfsa2014-04.html
https://www.mozilla.org/security/announce/2014/mfsa2014-05.html
https://www.mozilla.org/security/announce/2014/mfsa2014-06.html
https://www.mozilla.org/security/announce/2014/mfsa2014-07.html
https://www.mozilla.org/security/announce/2014/mfsa2014-08.html
https://www.mozilla.org/security/announce/2014/mfsa2014-09.html
https://www.mozilla.org/security/announce/2014/mfsa2014-10.html
https://www.mozilla.org/security/announce/2014/mfsa2014-11.html
https://www.mozilla.org/security/announce/2014/mfsa2014-12.html
http://www.mozilla.org/security/known-vulnerabilities/
d9b43004-f5fd-4807-b1d7-dbf66455b244mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA-2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer

MFSA-2015-48 Buffer overflow with SVG content and CSS

MFSA-2015-49 Referrer policy ignored when links opened by middle-click and context menu

MFSA-2015-50 Out-of-bounds read and write in asm.js validation

MFSA-2015-51 Use-after-free during text processing with vertical text enabled

MFSA-2015-52 Sensitive URL encoded information written to Android logcat

MFSA-2015-53 Use-after-free due to Media Decoder Thread creation during shutdown

MFSA-2015-54 Buffer overflow when parsing compressed XML

MFSA-2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata

MFSA-2015-56 Untrusted site hosting trusted page can intercept webchannel responses

MFSA-2015-57 Privilege escalation through IPC channel messages

MFSA-2015-58 Mozilla Windows updater can be run outside of application directory

MFSA 2015-93 Integer overflows in libstagefright while processing MP4 video metadata


Discovery 2015-05-12
Entry 2015-05-12
Modified 2015-08-28
firefox
< 38.0,1

linux-firefox
< 38.0,1

seamonkey
< 2.35

linux-seamonkey
< 2.35

firefox-esr
< 31.7.0,1

libxul
< 31.7.0

ge 32.0 lt 38.0

thunderbird
< 31.7.0

ge 32.0 lt 38.0

linux-thunderbird
< 31.7.0

ge 32.0 lt 38.0

CVE-2011-3079
CVE-2015-0797
CVE-2015-0833
CVE-2015-2708
CVE-2015-2709
CVE-2015-2710
CVE-2015-2711
CVE-2015-2712
CVE-2015-2713
CVE-2015-2714
CVE-2015-2715
CVE-2015-2716
CVE-2015-2717
CVE-2015-2718
CVE-2015-2720
CVE-2015-4496
https://www.mozilla.org/security/advisories/mfsa2015-46/
https://www.mozilla.org/security/advisories/mfsa2015-47/
https://www.mozilla.org/security/advisories/mfsa2015-48/
https://www.mozilla.org/security/advisories/mfsa2015-49/
https://www.mozilla.org/security/advisories/mfsa2015-50/
https://www.mozilla.org/security/advisories/mfsa2015-51/
https://www.mozilla.org/security/advisories/mfsa2015-52/
https://www.mozilla.org/security/advisories/mfsa2015-53/
https://www.mozilla.org/security/advisories/mfsa2015-54/
https://www.mozilla.org/security/advisories/mfsa2015-55/
https://www.mozilla.org/security/advisories/mfsa2015-56/
https://www.mozilla.org/security/advisories/mfsa2015-57/
https://www.mozilla.org/security/advisories/mfsa2015-58/
https://www.mozilla.org/security/advisories/mfsa2015-93/
1bcfd963-e483-41b8-ab8e-bad5c3ce49c9brotli -- buffer overflow

Google Chrome Releases reports:

[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.

Mozilla Foundation reports:

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.


Discovery 2016-02-08
Entry 2016-03-08
Modified 2016-03-08
brotli
ge 0.3.0 lt 0.3.0_1

< 0.2.0_2

libbrotli
< 0.3.0_3

chromium
chromium-npapi
chromium-pulse
< 48.0.2564.109

firefox
linux-firefox
< 45.0,1

seamonkey
linux-seamonkey
< 2.42

firefox-esr
< 38.7.0,1

libxul
thunderbird
linux-thunderbird
< 38.7.0

CVE-2016-1624
CVE-2016-1968
https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/
https://www.mozilla.org/security/advisories/mfsa2016-30/
https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e
c4f39920-781f-4aeb-b6af-17ed566c4272mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12386: Type confusion in JavaScript

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.

CVE-2018-12387:

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.


Discovery 2018-10-02
Entry 2018-10-02
Modified 2019-07-23
firefox
< 62.0.3,1

waterfox
< 56.2.4

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.2.2,1

linux-firefox
< 60.2.2,2

libxul
thunderbird
linux-thunderbird
< 60.2.2

CVE-2018-12386
CVE-2018-12387
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
6cec1b0a-da15-467d-8691-1dea392d4c8dmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2017-06-13
Entry 2017-06-13
Modified 2017-09-19
firefox
< 54.0,1

seamonkey
linux-seamonkey
< 2.49.1

firefox-esr
< 52.2.0,1

linux-firefox
< 52.2.0,2

libxul
thunderbird
linux-thunderbird
< 52.2.0

CVE-2017-5470
CVE-2017-5471
CVE-2017-5472
CVE-2017-7749
CVE-2017-7750
CVE-2017-7751
CVE-2017-7752
CVE-2017-7754
CVE-2017-7755
CVE-2017-7756
CVE-2017-7757
CVE-2017-7758
CVE-2017-7759
CVE-2017-7760
CVE-2017-7761
CVE-2017-7762
CVE-2017-7763
CVE-2017-7764
CVE-2017-7765
CVE-2017-7766
CVE-2017-7767
CVE-2017-7768
CVE-2017-7778
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
18f39fb6-7400-4063-acaf-0806e92c094fMozilla -- SVG Animation Remote Code Execution

The Mozilla Foundation reports:

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.


Discovery 2016-11-30
Entry 2016-12-01
Modified 2016-12-16
firefox
< 50.0.2,1

firefox-esr
< 45.5.1,1

linux-firefox
< 45.5.1,2

seamonkey
< 2.46

linux-seamonkey
< 2.46

libxul
< 45.5.1

thunderbird
< 45.5.1

linux-thunderbird
< 45.5.1

CVE-2016-9079
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
b7e23050-2d5d-4e61-9b48-62e89db222camozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data

CVE-2017-7844: Visited history information leak through SVG image


Discovery 2017-11-29
Entry 2017-12-05
firefox
ge 57.0,1 lt 57.0.1,1

< 56.0.2_11,1

waterfox
< 56.0.s20171130

seamonkey
linux-seamonkey
< 2.49.2

firefox-esr
< 52.5.1,1

linux-firefox
< 52.5.1,2

CVE-2017-7843
CVE-2017-7844
https://www.mozilla.org/security/advisories/mfsa2017-27/
adffe823-e692-4921-ae9c-0b825c218372graphite2 -- multiple vulnerabilities

Mozilla Foundation reports:

Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts.

Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash.


Discovery 2016-03-08
Entry 2016-03-08
Modified 2016-03-14
graphite2
< 1.3.6

linux-firefox
< 45.0,1

linux-thunderbird
< 38.7.0

linux-seamonkey
< 2.42

https://www.mozilla.org/security/advisories/mfsa2016-37/
https://www.mozilla.org/security/advisories/mfsa2016-38/
CVE-2016-1969
CVE-2016-1977
CVE-2016-2790
CVE-2016-2791
CVE-2016-2792
CVE-2016-2793
CVE-2016-2794
CVE-2016-2795
CVE-2016-2796
CVE-2016-2797
CVE-2016-2798
CVE-2016-2799
CVE-2016-2800
CVE-2016-2801
CVE-2016-2802
48108fb0-751c-4cbb-8f33-09239ead4b55NSS -- RSA Signature Forgery

The Mozilla Project reports:

Antoine Delignat-Lavaud discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.


Discovery 2014-09-23
Entry 2014-09-25
linux-firefox
< 32.0.3,1

linux-thunderbird
< 31.1.2

linux-seamonkey
< 2.29.1

nss
< 3.17.1

linux-c6-nss
< 3.16.1

CVE-2014-1568
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
4f00dac0-1e18-4481-95af-7aaad63fd303mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)

MFSA 2016-02 Out of Memory crash when parsing GIF format images

MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation

MFSA 2016-04 Firefox allows for control characters to be set in cookie names

MFSA 2016-06 Missing delay following user click events in protocol handler dialog

MFSA 2016-09 Addressbar spoofing attacks

MFSA 2016-10 Unsafe memory manipulation found through code inspection

MFSA 2016-11 Application Reputation service disabled in Firefox 43


Discovery 2016-01-26
Entry 2016-02-01
Modified 2016-03-08
firefox
linux-firefox
< 44.0,1

seamonkey
linux-seamonkey
< 2.41

firefox-esr
< 38.6.0,1

libxul
thunderbird
linux-thunderbird
< 38.6.0

CVE-2015-7208
CVE-2016-1930
CVE-2016-1931
CVE-2016-1933
CVE-2016-1935
CVE-2016-1937
CVE-2016-1939
CVE-2016-1942
CVE-2016-1943
CVE-2016-1944
CVE-2016-1945
CVE-2016-1946
CVE-2016-1947
https://www.mozilla.org/security/advisories/mfsa2016-01/
https://www.mozilla.org/security/advisories/mfsa2016-02/
https://www.mozilla.org/security/advisories/mfsa2016-03/
https://www.mozilla.org/security/advisories/mfsa2016-04/
https://www.mozilla.org/security/advisories/mfsa2016-06/
https://www.mozilla.org/security/advisories/mfsa2016-09/
https://www.mozilla.org/security/advisories/mfsa2016-10/
https://www.mozilla.org/security/advisories/mfsa2016-11/
8eee06d4-c21d-4f07-a669-455151ff426fmozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-78 Same origin violation and local file stealing via PDF reader


Discovery 2015-08-06
Entry 2015-08-07
firefox
< 39.0.3,1

linux-firefox
< 39.0.3,1

firefox-esr
< 38.1.1,1

CVE-2015-4495
https://www.mozilla.org/security/advisories/mfsa2015-78/
555b244e-6b20-4546-851f-d8eb7d6c1ffamozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2017-08-08
Entry 2017-08-08
firefox
< 55.0,1

seamonkey
linux-seamonkey
< 2.49.1

firefox-esr
< 52.3.0,1

linux-firefox
< 52.3.0,2

libxul
thunderbird
linux-thunderbird
< 52.3.0

CVE-2017-7753
CVE-2017-7779
CVE-2017-7780
CVE-2017-7781
CVE-2017-7782
CVE-2017-7783
CVE-2017-7784
CVE-2017-7785
CVE-2017-7786
CVE-2017-7787
CVE-2017-7788
CVE-2017-7789
CVE-2017-7790
CVE-2017-7791
CVE-2017-7792
CVE-2017-7794
CVE-2017-7796
CVE-2017-7797
CVE-2017-7798
CVE-2017-7799
CVE-2017-7800
CVE-2017-7801
CVE-2017-7802
CVE-2017-7803
CVE-2017-7804
CVE-2017-7806
CVE-2017-7807
CVE-2017-7808
https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/
0592f49f-b3b8-4260-b648-d1718762656cmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2019-9811: Sandbox escape via installation of malicious language pack

CVE-2019-11711: Script injection within domain through inner window reuse

CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects

CVE-2019-11713: Use-after-free with HTTP/2 cached stream

CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread

CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault

CVE-2019-11715: HTML parsing error can contribute to content XSS

CVE-2019-11716: globalThis not enumerable until accessed

CVE-2019-11717: Caret character improperly escaped in origins

CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML

CVE-2019-11719: Out-of-bounds read when importing curve25519 private key

CVE-2019-11720: Character encoding XSS vulnerability

CVE-2019-11721: Domain spoofing through unicode latin 'kra' character

CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin

CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries

CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions

CVE-2019-11725: Websocket resources bypass safebrowsing protections

CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3

CVE-2019-11728: Port scanning through Alt-Svc header

CVE-2019-11710: Memory safety bugs fixed in Firefox 68

CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8


Discovery 2019-07-09
Entry 2019-07-09
Modified 2019-07-23
firefox
< 68.0_4,1

waterfox
< 56.2.12

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.8.0,1

linux-firefox
< 60.8.0,2

libxul
thunderbird
linux-thunderbird
< 60.8.0

CVE-2019-11709
CVE-2019-11710
CVE-2019-11711
CVE-2019-11712
CVE-2019-11713
CVE-2019-11714
CVE-2019-11715
CVE-2019-11716
CVE-2019-11717
CVE-2019-11718
CVE-2019-11719
CVE-2019-11720
CVE-2019-11721
CVE-2019-11723
CVE-2019-11724
CVE-2019-11725
CVE-2019-11727
CVE-2019-11728
CVE-2019-11729
CVE-2019-11730
CVE-2019-9811
https://www.mozilla.org/security/advisories/mfsa2019-21/
https://www.mozilla.org/security/advisories/mfsa2019-22/
aa1aefe3-6e37-47db-bfda-343ef4acb1b5Mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2016-08-02
Entry 2016-09-07
Modified 2016-09-20
firefox
< 48.0,1

seamonkey
linux-seamonkey
< 2.45

firefox-esr
< 45.3.0,1

linux-firefox
< 45.3.0,2

libxul
thunderbird
linux-thunderbird
< 45.3.0

CVE-2016-0718
CVE-2016-2830
CVE-2016-2835
CVE-2016-2836
CVE-2016-2837
CVE-2016-2838
CVE-2016-2839
CVE-2016-5250
CVE-2016-5251
CVE-2016-5252
CVE-2016-5253
CVE-2016-5254
CVE-2016-5255
CVE-2016-5258
CVE-2016-5259
CVE-2016-5260
CVE-2016-5261
CVE-2016-5262
CVE-2016-5263
CVE-2016-5264
CVE-2016-5265
CVE-2016-5266
CVE-2016-5267
CVE-2016-5268
https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
a891c5b4-3d7a-4de9-9c71-eef3fd698c77mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-5091: Use-after-free with DTMF timers

CVE-2018-5092: Use-after-free in Web Workers

CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing

CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory

CVE-2018-5095: Integer overflow in Skia library during edge builder allocation

CVE-2018-5097: Use-after-free when source document is manipulated during XSLT

CVE-2018-5098: Use-after-free while manipulating form input elements

CVE-2018-5099: Use-after-free with widget listener

CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory

CVE-2018-5101: Use-after-free with floating first-letter style elements

CVE-2018-5102: Use-after-free in HTML media elements

CVE-2018-5103: Use-after-free during mouse event handling

CVE-2018-5104: Use-after-free during font face manipulation

CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts

CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker

CVE-2018-5107: Printing process will follow symlinks for local file access

CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs

CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution

CVE-2018-5110: Cursor can be made invisible on OS X

CVE-2018-5111: URL spoofing in addressbar through drag and drop

CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel

CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow

CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts

CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs

CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access

CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right

CVE-2018-5118: Activity Stream images can attempt to load local content through file:

CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers

CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar

CVE-2018-5122: Potential integer overflow in DoCrypt

CVE-2018-5090: Memory safety bugs fixed in Firefox 58

CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6


Discovery 2018-01-23
Entry 2018-01-23
Modified 2018-01-29
firefox
< 58.0_1,1

waterfox
< 56.0.3.63

seamonkey
linux-seamonkey
< 2.49.2

firefox-esr
< 52.6.0_1,1

linux-firefox
< 52.6.0,2

libxul
thunderbird
linux-thunderbird
< 52.6.0

CVE-2018-5089
CVE-2018-5090
CVE-2018-5091
CVE-2018-5092
CVE-2018-5093
CVE-2018-5094
CVE-2018-5095
CVE-2018-5097
CVE-2018-5098
CVE-2018-5099
CVE-2018-5100
CVE-2018-5101
CVE-2018-5102
CVE-2018-5103
CVE-2018-5104
CVE-2018-5105
CVE-2018-5106
CVE-2018-5107
CVE-2018-5108
CVE-2018-5109
CVE-2018-5110
CVE-2018-5111
CVE-2018-5112
CVE-2018-5113
CVE-2018-5114
CVE-2018-5115
CVE-2018-5116
CVE-2018-5117
CVE-2018-5118
CVE-2018-5119
CVE-2018-5121
CVE-2018-5122
https://www.mozilla.org/security/advisories/mfsa2018-02/
https://www.mozilla.org/security/advisories/mfsa2018-03/
b1f7d52f-fc42-48e8-8403-87d4c9d26229mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-18500: Use-after-free parsing HTML5 stream

CVE-2018-18503: Memory corruption with Audio Buffer

CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer

CVE-2018-18505: Privilege escalation through IPC channel messages

CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied

CVE-2018-18502: Memory safety bugs fixed in Firefox 65

CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5


Discovery 2019-01-29
Entry 2019-01-29
Modified 2019-07-23
firefox
< 65.0_1,1

waterfox
< 56.2.7

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.5.0_1,1

linux-firefox
< 60.5.0,2

libxul
thunderbird
linux-thunderbird
< 60.5.0

CVE-2018-18500
CVE-2018-18501
CVE-2018-18502
CVE-2018-18503
CVE-2018-18504
CVE-2018-18505
CVE-2018-18506
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/
2d56c7f4-b354-428f-8f48-38150c607a05mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)

MFSA 2015-97 Memory leak in mozTCPSocket to servers

MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes

MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme

MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater

MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video

MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript

MFSA 2015-103 URL spoofing in reader mode

MFSA 2015-104 Use-after-free with shared workers and IndexedDB

MFSA 2015-105 Buffer overflow while decoding WebM video

MFSA 2015-106 Use-after-free while manipulating HTML media content

MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems

MFSA 2015-108 Scripted proxies can access inner window

MFSA 2015-109 JavaScript immutable property enforcement can be bypassed

MFSA 2015-110 Dragging and dropping images exposes final URL after redirects

MFSA 2015-111 Errors in the handling of CORS preflight request headers

MFSA 2015-112 Vulnerabilities found through code inspection

MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library

MFSA 2015-114 Information disclosure via the High Resolution Time API


Discovery 2015-09-22
Entry 2015-09-22
firefox
< 41.0,1

linux-firefox
< 41.0,1

seamonkey
< 2.38

linux-seamonkey
< 2.38

firefox-esr
< 38.3.0,1

libxul
< 38.3.0

thunderbird
< 38.3.0

linux-thunderbird
< 38.3.0

CVE-2015-4476
CVE-2015-4500
CVE-2015-4501
CVE-2015-4502
CVE-2015-4503
CVE-2015-4504
CVE-2015-4505
CVE-2015-4506
CVE-2015-4507
CVE-2015-4508
CVE-2015-4509
CVE-2015-4510
CVE-2015-4512
CVE-2015-4516
CVE-2015-4517
CVE-2015-4519
CVE-2015-4520
CVE-2015-4521
CVE-2015-4522
CVE-2015-7174
CVE-2015-7175
CVE-2015-7176
CVE-2015-7177
CVE-2015-7178
CVE-2015-7179
CVE-2015-7180
https://www.mozilla.org/security/advisories/mfsa2015-96/
https://www.mozilla.org/security/advisories/mfsa2015-97/
https://www.mozilla.org/security/advisories/mfsa2015-98/
https://www.mozilla.org/security/advisories/mfsa2015-99/
https://www.mozilla.org/security/advisories/mfsa2015-100/
https://www.mozilla.org/security/advisories/mfsa2015-101/
https://www.mozilla.org/security/advisories/mfsa2015-102/
https://www.mozilla.org/security/advisories/mfsa2015-103/
https://www.mozilla.org/security/advisories/mfsa2015-104/
https://www.mozilla.org/security/advisories/mfsa2015-105/
https://www.mozilla.org/security/advisories/mfsa2015-106/
https://www.mozilla.org/security/advisories/mfsa2015-107/
https://www.mozilla.org/security/advisories/mfsa2015-108/
https://www.mozilla.org/security/advisories/mfsa2015-109/
https://www.mozilla.org/security/advisories/mfsa2015-110/
https://www.mozilla.org/security/advisories/mfsa2015-111/
https://www.mozilla.org/security/advisories/mfsa2015-112/
https://www.mozilla.org/security/advisories/mfsa2015-113/
https://www.mozilla.org/security/advisories/mfsa2015-114/
f78eac48-c3d1-4666-8de5-63ceea25a578mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2017-7828: Use-after-free of PressShell while restyling layout

CVE-2017-7830: Cross-origin URL information leak through Resource Timing API

CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects

CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers

CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters

CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections

CVE-2017-7835: Mixed content blocking incorrectly applies with redirects

CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X

CVE-2017-7837: SVG loaded as can use meta tags to set cookies

CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN

CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism

CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags

CVE-2017-7842: Referrer Policy is not always respected for elements

CVE-2017-7827: Memory safety bugs fixed in Firefox 57

CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5


Discovery 2017-11-14
Entry 2017-11-14
firefox
< 56.0.2_10,1

seamonkey
linux-seamonkey
< 2.49.2

firefox-esr
< 52.5.0,1

linux-firefox
< 52.5.0,2

libxul
thunderbird
linux-thunderbird
< 52.5.0

CVE-2017-7826
CVE-2017-7827
CVE-2017-7828
CVE-2017-7830
CVE-2017-7831
CVE-2017-7832
CVE-2017-7833
CVE-2017-7834
CVE-2017-7835
CVE-2017-7836
CVE-2017-7837
CVE-2017-7838
CVE-2017-7839
CVE-2017-7840
CVE-2017-7842
https://www.mozilla.org/security/advisories/mfsa2017-24/
https://www.mozilla.org/security/advisories/mfsa2017-25/
2c57c47e-8bb3-4694-83c8-9fc3abad3964mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -