FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f78eac48-c3d1-4666-8de5-63ceea25a578	mozilla -- multiple vulnerabilities Mozilla Foundation reports: CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections CVE-2017-7835: Mixed content blocking incorrectly applies with redirects CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X CVE-2017-7837: SVG loaded as can use meta tags to set cookies CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags CVE-2017-7842: Referrer Policy is not always respected for elements CVE-2017-7827: Memory safety bugs fixed in Firefox 57 CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 Discovery 2017-11-14 Entry 2017-11-14 firefox < 56.0.2_10,1 seamonkey linux-seamonkey < 2.49.2 firefox-esr < 52.5.0,1 linux-firefox < 52.5.0,2 libxul thunderbird linux-thunderbird < 52.5.0 CVE-2017-7826 CVE-2017-7827 CVE-2017-7828 CVE-2017-7830 CVE-2017-7831 CVE-2017-7832 CVE-2017-7833 CVE-2017-7834 CVE-2017-7835 CVE-2017-7836 CVE-2017-7837 CVE-2017-7838 CVE-2017-7839 CVE-2017-7840 CVE-2017-7842 https://www.mozilla.org/security/advisories/mfsa2017-24/ https://www.mozilla.org/security/advisories/mfsa2017-25/
1098a15b-b0f6-42b7-b5c7-8a8646e8be07	mozilla -- multiple vulnerabilities Mozilla Foundation reports: CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings CVE-2017-7813: Integer truncation in the JavaScript parser CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations CVE-2017-7816: WebExtensions can load about: URLs in extension UI CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction CVE-2017-7823: CSP sandbox directive did not create a unique origin CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV CVE-2017-7820: Xray wrapper bypass with new tab and web console CVE-2017-7811: Memory safety bugs fixed in Firefox 56 CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 Discovery 2017-09-28 Entry 2017-09-29 Modified 2017-10-03 firefox < 56.0,1 seamonkey linux-seamonkey < 2.49.1 firefox-esr < 52.4.0,1 linux-firefox < 52.4.0,2 libxul thunderbird linux-thunderbird < 52.4.0 CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7811 CVE-2017-7812 CVE-2017-7813 CVE-2017-7814 CVE-2017-7815 CVE-2017-7816 CVE-2017-7817 CVE-2017-7818 CVE-2017-7819 CVE-2017-7820 CVE-2017-7821 CVE-2017-7822 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
512c0ffd-cd39-4da4-b2dc-81ff4ba8e238	mozilla -- multiple vulnerabilities Mozilla Foundation reports: CVE-2016-9894: Buffer overflow in SkiaGL CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements CVE-2016-9895: CSP bypass using marquee tag CVE-2016-9896: Use-after-free with WebVR CVE-2016-9897: Memory corruption in libGLES CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs CVE-2016-9904: Cross-origin information leak in shared atoms CVE-2016-9901: Data from Pocket server improperly sanitized before execution CVE-2016-9902: Pocket extension does not validate the origin of events CVE-2016-9903: XSS injection vulnerability in add-ons SDK CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 Discovery 2016-12-13 Entry 2016-12-14 firefox < 50.1.0_1,1 seamonkey linux-seamonkey < 2.47 firefox-esr < 45.6.0,1 linux-firefox < 45.6.0,2 libxul thunderbird linux-thunderbird < 45.6.0 CVE-2016-9894 CVE-2016-9899 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9900 CVE-2016-9904 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9080 CVE-2016-9893 https://www.mozilla.org/security/advisories/mfsa2016-94/ https://www.mozilla.org/security/advisories/mfsa2016-95/
2c57c47e-8bb3-4694-83c8-9fc3abad3964	mozilla -- multiple vulnerabilities Mozilla Foundation reports: CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low] CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical] CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical] CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high] CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low] CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high] CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high] CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high] CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical] CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high] CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high] CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical] CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate] CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high] CVE-2016-5281 - use-after-free in DOMSVGLength [high] CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate] CVE-2016-5283 - fragment timing attack can reveal cross-origin data [high]</p> <p>CVE-2016-5284 - Add-on update site certificate pin expiration [high]</p> </blockquote> <br>Discovery 2016-09-13<br>Entry 2016-09-20<br>Modified 2016-10-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 49.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.46 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.4.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.4.0 </blockquote><br> CVE-2016-2827<br> CVE-2016-5256<br> CVE-2016-5257<br> CVE-2016-5270<br> CVE-2016-5271<br> CVE-2016-5272<br> CVE-2016-5273<br> CVE-2016-5274<br> CVE-2016-5275<br> CVE-2016-5276<br> CVE-2016-5277<br> CVE-2016-5278<br> CVE-2016-5279<br> CVE-2016-5280<br> CVE-2016-5281<br> CVE-2016-5282<br> CVE-2016-5283<br> CVE-2016-5284<br> https://www.mozilla.org/security/advisories/mfsa2016-85/<br> https://www.mozilla.org/security/advisories/mfsa2016-86/<br> https://www.mozilla.org/security/advisories/mfsa2016-88/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/44b6dfbf-4ef7-4d52-ad52-2b1b05d81272.html">44b6dfbf-4ef7-4d52-ad52-2b1b05d81272</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/"> <p>CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS</p> <p>CVE-2019-9816: Type confusion with object groups and UnboxedObjects</p> <p>CVE-2019-9817: Stealing of cross-domain images using canvas</p> <p>CVE-2019-9818: Use-after-free in crash generation server</p> <p>CVE-2019-9819: Compartment mismatch with fetch API</p> <p>CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell</p> <p>CVE-2019-9821: Use-after-free in AssertWorkerThread</p> <p>CVE-2019-11691: Use-after-free in XMLHttpRequest</p> <p>CVE-2019-11692: Use-after-free removing listeners in the event listener manager</p> <p>CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux</p> <p>CVE-2019-7317: Use-after-free in png_image_free of libpng library</p> <p>CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox</p> <p>CVE-2019-11695: Custom cursor can render over user interface outside of web content</p> <p>CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts</p> <p>CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions</p> <p>CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks</p> <p>CVE-2019-11700: res: protocol can be used to open known local files</p> <p>CVE-2019-11699: Incorrect domain name highlighting during page navigation</p> <p>CVE-2019-11701: webcal: protocol default handler loads vulnerable web page</p> <p>CVE-2019-9814: Memory safety bugs fixed in Firefox 67</p> <p>CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7</p> </blockquote> <br>Discovery 2019-05-21<br>Entry 2019-05-22<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 67.0,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.10 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.7.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.7.0 </blockquote><br> CVE-2019-9815<br> CVE-2019-9816<br> CVE-2019-9817<br> CVE-2019-9818<br> CVE-2019-9819<br> CVE-2019-9820<br> CVE-2019-9821<br> CVE-2019-11691<br> CVE-2019-11692<br> CVE-2019-11693<br> CVE-2019-7317<br> CVE-2019-11694<br> CVE-2019-11695<br> CVE-2019-11696<br> CVE-2019-11697<br> CVE-2019-11698<br> CVE-2019-11700<br> CVE-2019-11699<br> CVE-2019-11701<br> CVE-2019-9814<br> CVE-2019-9800<br> https://www.mozilla.org/security/advisories/mfsa2019-13/<br> https://www.mozilla.org/security/advisories/mfsa2019-14/<br> https://www.mozilla.org/security/advisories/mfsa2019-15/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5e0a038a-ca30-416d-a2f5-38cbf5e7df33.html">5e0a038a-ca30-416d-a2f5-38cbf5e7df33</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-04-19<br>Entry 2017-04-19<br>Modified 2017-09-19<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 53.0_2,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 46.0,1 lt 52.1.0_2,1</blockquote><br> <blockquote>< 45.9.0,1 </blockquote><br> linux-firefox<br> <blockquote>ge 46.0,2 lt 52.1.0,2</blockquote><br> <blockquote>< 45.9.0,2 </blockquote><br> libxul<br> <blockquote>ge 46.0 lt 52.1.0</blockquote><br> <blockquote>< 45.9.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 46.0 lt 52.1.0</blockquote><br> <blockquote>< 45.9.0 </blockquote><br> CVE-2017-5433<br> CVE-2017-5435<br> CVE-2017-5436<br> CVE-2017-5461<br> CVE-2017-5459<br> CVE-2017-5466<br> CVE-2017-5434<br> CVE-2017-5432<br> CVE-2017-5460<br> CVE-2017-5438<br> CVE-2017-5439<br> CVE-2017-5440<br> CVE-2017-5441<br> CVE-2017-5442<br> CVE-2017-5464<br> CVE-2017-5443<br> CVE-2017-5444<br> CVE-2017-5446<br> CVE-2017-5447<br> CVE-2017-5465<br> CVE-2017-5448<br> CVE-2017-5437<br> CVE-2017-5454<br> CVE-2017-5455<br> CVE-2017-5456<br> CVE-2017-5469<br> CVE-2017-5445<br> CVE-2017-5449<br> CVE-2017-5450<br> CVE-2017-5451<br> CVE-2017-5462<br> CVE-2017-5463<br> CVE-2017-5467<br> CVE-2017-5452<br> CVE-2017-5453<br> CVE-2017-5458<br> CVE-2017-5468<br> CVE-2017-5430<br> CVE-2017-5429<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/23f59689-0152-42d3-9ade-1658d6380567.html">23f59689-0152-42d3-9ade-1658d6380567</a></td><td>mozilla -- use-after-free in compositor<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/"> <h1>CVE-2018-5148: Use-after-free in compositor</h1> <p>A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.</p> </blockquote> <br>Discovery 2018-03-26<br>Entry 2018-03-27<br>Modified 2018-03-31<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 59.0.2,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.4.36_3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.3 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.7.3,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.7.3,2 </blockquote><br> libxul<br> <blockquote>< 52.7.3 </blockquote><br> linux-thunderbird<br> <blockquote>< 52.7.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 52.7.0_1 </blockquote><br> CVE-2018-5148<br> https://www.mozilla.org/security/advisories/mfsa2018-10/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/cd81806c-26e7-4d4a-8425-02724a2f48af.html">cd81806c-26e7-4d4a-8425-02724a2f48af</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/"> <p>CVE-2018-12359: Buffer overflow using computed size of canvas element</p> <p>CVE-2018-12360: Use-after-free when using focus()</p> <p>CVE-2018-12361: Integer overflow in SwizzleData</p> <p>CVE-2018-12358: Same-origin bypass using service worker and redirection</p> <p>CVE-2018-12362: Integer overflow in SSSE3 scaler</p> <p>CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture</p> <p>CVE-2018-12363: Use-after-free when appending DOM nodes</p> <p>CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins</p> <p>CVE-2018-12365: Compromised IPC child process can list local filenames</p> <p>CVE-2018-12371: Integer overflow in Skia library during edge builder allocation</p> <p>CVE-2018-12366: Invalid data handling during QCMS transformations</p> <p>CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming</p> <p>CVE-2018-12368: No warning when opening executable SettingContent-ms files</p> <p>CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments</p> <p>CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View</p> <p>CVE-2018-5186: Memory safety bugs fixed in Firefox 61</p> <p>CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1</p> <p>CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9</p> </blockquote> <br>Discovery 2018-06-26<br>Entry 2018-06-26<br>Modified 2018-07-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 61.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.1.19_2 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.4 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 60.0,1 lt 60.1.0_1,1</blockquote><br> <blockquote>< 52.9.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.9.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.9.0 </blockquote><br> CVE-2018-12362<br> CVE-2018-5156<br> CVE-2018-5186<br> CVE-2018-5187<br> CVE-2018-5188<br> CVE-2018-12358<br> CVE-2018-12359<br> CVE-2018-12360<br> CVE-2018-12361<br> CVE-2018-12363<br> CVE-2018-12364<br> CVE-2018-12365<br> CVE-2018-12366<br> CVE-2018-12367<br> CVE-2018-12368<br> CVE-2018-12369<br> CVE-2018-12370<br> CVE-2018-12371<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/96eca031-1313-4daf-9be2-9d6e1c4f1eb5.html">96eca031-1313-4daf-9be2-9d6e1c4f1eb5</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-03-07<br>Entry 2017-03-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 52.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 46.0,1 lt 52.0,1</blockquote><br> <blockquote>< 45.8.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>ge 46.0,2 lt 52.0,2</blockquote><br> <blockquote>< 45.8.0_1,2 </blockquote><br> libxul<br> <blockquote>ge 46.0 lt 52.0</blockquote><br> <blockquote>< 45.8.0_1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 46.0 lt 52.0</blockquote><br> <blockquote>< 45.8.0 </blockquote><br> CVE-2017-5400<br> CVE-2017-5401<br> CVE-2017-5402<br> CVE-2017-5403<br> CVE-2017-5404<br> CVE-2017-5406<br> CVE-2017-5407<br> CVE-2017-5410<br> CVE-2017-5411<br> CVE-2017-5409<br> CVE-2017-5408<br> CVE-2017-5412<br> CVE-2017-5413<br> CVE-2017-5414<br> CVE-2017-5415<br> CVE-2017-5416<br> CVE-2017-5417<br> CVE-2017-5425<br> CVE-2017-5426<br> CVE-2017-5427<br> CVE-2017-5418<br> CVE-2017-5419<br> CVE-2017-5420<br> CVE-2017-5405<br> CVE-2017-5421<br> CVE-2017-5422<br> CVE-2017-5399<br> CVE-2017-5398<br> https://www.mozilla.org/security/advisories/mfsa2017-05/<br> https://www.mozilla.org/security/advisories/mfsa2017-06/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/05da6b56-3e66-4306-9ea3-89fafe939726.html">05da6b56-3e66-4306-9ea3-89fafe939726</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/"> <p>CVE-2019-9790: Use-after-free when removing in-use DOM elements</p> <p>CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey</p> <p>CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script</p> <p>CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled</p> <p>CVE-2019-9794: Command line arguments not discarded during execution</p> <p>CVE-2019-9795: Type-confusion in IonMonkey JIT compiler</p> <p>CVE-2019-9796: Use-after-free with SMIL animation controller</p> <p>CVE-2019-9797: Cross-origin theft of images with createImageBitmap</p> <p>CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location</p> <p>CVE-2019-9799: Information disclosure via IPC channel messages</p> <p>CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content</p> <p>CVE-2019-9802: Chrome process information leak</p> <p>CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation</p> <p>CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS</p> <p>CVE-2019-9805: Potential use of uninitialized memory in Prio</p> <p>CVE-2019-9806: Denial of service through successive FTP authorization prompts</p> <p>CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages</p> <p>CVE-2019-9809: Denial of service through FTP modal alert error messages</p> <p>CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs</p> <p>CVE-2019-9789: Memory safety bugs fixed in Firefox 66</p> <p>CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6</p> </blockquote> <br>Discovery 2019-03-19<br>Entry 2019-03-19<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 66.0_3,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.9 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.6.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.6.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.6.0 </blockquote><br> CVE-2019-9788<br> CVE-2019-9789<br> CVE-2019-9790<br> CVE-2019-9791<br> CVE-2019-9792<br> CVE-2019-9793<br> CVE-2019-9794<br> CVE-2019-9795<br> CVE-2019-9796<br> CVE-2019-9797<br> CVE-2019-9798<br> CVE-2019-9799<br> CVE-2019-9801<br> CVE-2019-9802<br> CVE-2019-9803<br> CVE-2019-9804<br> CVE-2019-9805<br> CVE-2019-9806<br> CVE-2019-9807<br> CVE-2019-9808<br> CVE-2019-9809<br> https://www.mozilla.org/security/advisories/mfsa2019-07/<br> https://www.mozilla.org/security/advisories/mfsa2019-08/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0592f49f-b3b8-4260-b648-d1718762656c.html">0592f49f-b3b8-4260-b648-d1718762656c</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/"> <p>CVE-2019-9811: Sandbox escape via installation of malicious language pack</p> <p>CVE-2019-11711: Script injection within domain through inner window reuse</p> <p>CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects</p> <p>CVE-2019-11713: Use-after-free with HTTP/2 cached stream</p> <p>CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread</p> <p>CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault</p> <p>CVE-2019-11715: HTML parsing error can contribute to content XSS</p> <p>CVE-2019-11716: globalThis not enumerable until accessed</p> <p>CVE-2019-11717: Caret character improperly escaped in origins</p> <p>CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML</p> <p>CVE-2019-11719: Out-of-bounds read when importing curve25519 private key</p> <p>CVE-2019-11720: Character encoding XSS vulnerability</p> <p>CVE-2019-11721: Domain spoofing through unicode latin 'kra' character</p> <p>CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin</p> <p>CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries</p> <p>CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions</p> <p>CVE-2019-11725: Websocket resources bypass safebrowsing protections</p> <p>CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3</p> <p>CVE-2019-11728: Port scanning through Alt-Svc header</p> <p>CVE-2019-11710: Memory safety bugs fixed in Firefox 68</p> <p>CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8</p> </blockquote> <br>Discovery 2019-07-09<br>Entry 2019-07-09<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 68.0_4,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.12 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.8.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.8.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.8.0 </blockquote><br> CVE-2019-11709<br> CVE-2019-11710<br> CVE-2019-11711<br> CVE-2019-11712<br> CVE-2019-11713<br> CVE-2019-11714<br> CVE-2019-11715<br> CVE-2019-11716<br> CVE-2019-11717<br> CVE-2019-11718<br> CVE-2019-11719<br> CVE-2019-11720<br> CVE-2019-11721<br> CVE-2019-11723<br> CVE-2019-11724<br> CVE-2019-11725<br> CVE-2019-11727<br> CVE-2019-11728<br> CVE-2019-11729<br> CVE-2019-11730<br> CVE-2019-9811<br> https://www.mozilla.org/security/advisories/mfsa2019-21/<br> https://www.mozilla.org/security/advisories/mfsa2019-22/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7943794f-707f-4e31-9fea-3bbf1ddcedc1.html">7943794f-707f-4e31-9fea-3bbf1ddcedc1</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/"> <h1>CVE-2018-5146: Out of bounds memory write in libvorbis</h1> <p>An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.</p> <h1>CVE-2018-5147: Out of bounds memory write in libtremor</h1> <p>The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.</p> </blockquote> <br>Discovery 2018-03-16<br>Entry 2018-03-16<br>Modified 2018-03-31<br><a href="/audio/libvorbis/">libvorbis<br> </a><blockquote>< 1.3.6,3 </blockquote><br> libtremor<br> <blockquote>< 1.2.1.s20180316 </blockquote><br> <a href="/www/firefox/">firefox<br> </a><blockquote>< 59.0.1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.4.36_3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.3 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.7.2,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.7.2,2 </blockquote><br> libxul<br> <blockquote>< 52.7.3 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.7.0 </blockquote><br> CVE-2018-5146<br> CVE-2018-5147<br> https://www.mozilla.org/security/advisories/mfsa2018-08/<br> https://www.mozilla.org/security/advisories/mfsa2018-09/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5aefc41e-d304-4ec8-8c82-824f84f08244.html">5aefc41e-d304-4ec8-8c82-824f84f08244</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/"> <p>CVE-2018-5183: Backport critical security fixes in Skia</p> <p>CVE-2018-5154: Use-after-free with SVG animations and clip paths</p> <p>CVE-2018-5155: Use-after-free with SVG animations and text paths</p> <p>CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files</p> <p>CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer</p> <p>CVE-2018-5159: Integer overflow and out-of-bounds write in Skia</p> <p>CVE-2018-5160: Uninitialized memory use by WebRTC encoder</p> <p>CVE-2018-5152: WebExtensions information leak through webRequest API</p> <p>CVE-2018-5153: Out-of-bounds read in mixed content websocket messages</p> <p>CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache</p> <p>CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace</p> <p>CVE-2018-5166: WebExtension host permission bypass through filterReponseData</p> <p>CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger</p> <p>CVE-2018-5168: Lightweight themes can be installed without user interaction</p> <p>CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages</p> <p>CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer</p> <p>CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters</p> <p>CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update</p> <p>CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies</p> <p>CVE-2018-5176: JSON Viewer script injection</p> <p>CVE-2018-5177: Buffer overflow in XSLT during number formatting</p> <p>CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox</p> <p>CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension</p> <p>CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced</p> <p>CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink</p> <p>CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar</p> <p>CVE-2018-5151: Memory safety bugs fixed in Firefox 60</p> <p>CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8</p> </blockquote> <br>Discovery 2018-05-09<br>Entry 2018-05-09<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 60.0,1 </blockquote><br> waterfox<br> <blockquote>< 56.1.0_18 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.4 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.8.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.8.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.8.0 </blockquote><br> CVE-2018-5150<br> CVE-2018-5151<br> CVE-2018-5152<br> CVE-2018-5153<br> CVE-2018-5154<br> CVE-2018-5155<br> CVE-2018-5157<br> CVE-2018-5158<br> CVE-2018-5159<br> CVE-2018-5160<br> CVE-2018-5163<br> CVE-2018-5164<br> CVE-2018-5165<br> CVE-2018-5166<br> CVE-2018-5167<br> CVE-2018-5168<br> CVE-2018-5169<br> CVE-2018-5172<br> CVE-2018-5173<br> CVE-2018-5174<br> CVE-2018-5175<br> CVE-2018-5176<br> CVE-2018-5177<br> CVE-2018-5178<br> CVE-2018-5180<br> CVE-2018-5181<br> CVE-2018-5182<br> CVE-2018-5183<br> https://www.mozilla.org/security/advisories/mfsa2018-11/<br> https://www.mozilla.org/security/advisories/mfsa2018-12/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/aa1aefe3-6e37-47db-bfda-343ef4acb1b5.html">aa1aefe3-6e37-47db-bfda-343ef4acb1b5</a></td><td>Mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2016-08-02<br>Entry 2016-09-07<br>Modified 2016-09-20<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 48.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.45 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.3.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.3.0 </blockquote><br> CVE-2016-0718<br> CVE-2016-2830<br> CVE-2016-2835<br> CVE-2016-2836<br> CVE-2016-2837<br> CVE-2016-2838<br> CVE-2016-2839<br> CVE-2016-5250<br> CVE-2016-5251<br> CVE-2016-5252<br> CVE-2016-5253<br> CVE-2016-5254<br> CVE-2016-5255<br> CVE-2016-5258<br> CVE-2016-5259<br> CVE-2016-5260<br> CVE-2016-5261<br> CVE-2016-5262<br> CVE-2016-5263<br> CVE-2016-5264<br> CVE-2016-5265<br> CVE-2016-5266<br> CVE-2016-5267<br> CVE-2016-5268<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c4f39920-781f-4aeb-b6af-17ed566c4272.html">c4f39920-781f-4aeb-b6af-17ed566c4272</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/"> <h1>CVE-2018-12386: Type confusion in JavaScript</h1> <p>A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.</p> <h1>CVE-2018-12387: </h1> <p>A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.</p> </blockquote> <br>Discovery 2018-10-02<br>Entry 2018-10-02<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 62.0.3,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.4 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.2.2,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.2.2,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.2.2 </blockquote><br> CVE-2018-12386<br> CVE-2018-12387<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/a891c5b4-3d7a-4de9-9c71-eef3fd698c77.html">a891c5b4-3d7a-4de9-9c71-eef3fd698c77</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/"> <p>CVE-2018-5091: Use-after-free with DTMF timers</p> <p>CVE-2018-5092: Use-after-free in Web Workers</p> <p>CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing</p> <p>CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory</p> <p>CVE-2018-5095: Integer overflow in Skia library during edge builder allocation</p> <p>CVE-2018-5097: Use-after-free when source document is manipulated during XSLT</p> <p>CVE-2018-5098: Use-after-free while manipulating form input elements</p> <p>CVE-2018-5099: Use-after-free with widget listener</p> <p>CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory</p> <p>CVE-2018-5101: Use-after-free with floating first-letter style elements</p> <p>CVE-2018-5102: Use-after-free in HTML media elements</p> <p>CVE-2018-5103: Use-after-free during mouse event handling</p> <p>CVE-2018-5104: Use-after-free during font face manipulation</p> <p>CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts</p> <p>CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker</p> <p>CVE-2018-5107: Printing process will follow symlinks for local file access</p> <p>CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs</p> <p>CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution</p> <p>CVE-2018-5110: Cursor can be made invisible on OS X</p> <p>CVE-2018-5111: URL spoofing in addressbar through drag and drop</p> <p>CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel</p> <p>CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow</p> <p>CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts</p> <p>CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs</p> <p>CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access</p> <p>CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right</p> <p>CVE-2018-5118: Activity Stream images can attempt to load local content through file:</p> <p>CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers</p> <p>CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar</p> <p>CVE-2018-5122: Potential integer overflow in DoCrypt</p> <p>CVE-2018-5090: Memory safety bugs fixed in Firefox 58</p> <p>CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6</p> </blockquote> <br>Discovery 2018-01-23<br>Entry 2018-01-23<br>Modified 2018-01-29<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 58.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.3.63 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.2 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.6.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.6.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.6.0 </blockquote><br> CVE-2018-5089<br> CVE-2018-5090<br> CVE-2018-5091<br> CVE-2018-5092<br> CVE-2018-5093<br> CVE-2018-5094<br> CVE-2018-5095<br> CVE-2018-5097<br> CVE-2018-5098<br> CVE-2018-5099<br> CVE-2018-5100<br> CVE-2018-5101<br> CVE-2018-5102<br> CVE-2018-5103<br> CVE-2018-5104<br> CVE-2018-5105<br> CVE-2018-5106<br> CVE-2018-5107<br> CVE-2018-5108<br> CVE-2018-5109<br> CVE-2018-5110<br> CVE-2018-5111<br> CVE-2018-5112<br> CVE-2018-5113<br> CVE-2018-5114<br> CVE-2018-5115<br> CVE-2018-5116<br> CVE-2018-5117<br> CVE-2018-5118<br> CVE-2018-5119<br> CVE-2018-5121<br> CVE-2018-5122<br> https://www.mozilla.org/security/advisories/mfsa2018-02/<br> https://www.mozilla.org/security/advisories/mfsa2018-03/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7c3a02b9-3273-4426-a0ba-f90fad2ff72e.html">7c3a02b9-3273-4426-a0ba-f90fad2ff72e</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/"> <p>CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin</p> <p>CVE-2018-12392: Crash with nested event loops</p> <p>CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript</p> <p>CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting</p> <p>CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts</p> <p>CVE-2018-12397:</p> <p>CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs</p> <p>CVE-2018-12399: Spoofing of protocol registration notification bar</p> <p>CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android</p> <p>CVE-2018-12401: DOS attack through special resource URI parsing</p> <p>CVE-2018-12402: SameSite cookies leak when pages are explicitly saved</p> <p>CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP</p> <p>CVE-2018-12388: Memory safety bugs fixed in Firefox 63</p> <p>CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3</p> </blockquote> <br>Discovery 2018-10-23<br>Entry 2018-10-23<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 63.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.5 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.3.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.3.0 </blockquote><br> CVE-2018-12388<br> CVE-2018-12390<br> CVE-2018-12391<br> CVE-2018-12392<br> CVE-2018-12393<br> CVE-2018-12395<br> CVE-2018-12396<br> CVE-2018-12397<br> CVE-2018-12398<br> CVE-2018-12399<br> CVE-2018-12400<br> CVE-2018-12401<br> CVE-2018-12402<br> CVE-2018-12403<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b1f7d52f-fc42-48e8-8403-87d4c9d26229.html">b1f7d52f-fc42-48e8-8403-87d4c9d26229</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/"> <p>CVE-2018-18500: Use-after-free parsing HTML5 stream</p> <p>CVE-2018-18503: Memory corruption with Audio Buffer</p> <p>CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer</p> <p>CVE-2018-18505: Privilege escalation through IPC channel messages</p> <p>CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied</p> <p>CVE-2018-18502: Memory safety bugs fixed in Firefox 65</p> <p>CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5</p> </blockquote> <br>Discovery 2019-01-29<br>Entry 2019-01-29<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 65.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.7 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.5.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.5.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.5.0 </blockquote><br> CVE-2018-18500<br> CVE-2018-18501<br> CVE-2018-18502<br> CVE-2018-18503<br> CVE-2018-18504<br> CVE-2018-18505<br> CVE-2018-18506<br> https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/6cec1b0a-da15-467d-8691-1dea392d4c8d.html">6cec1b0a-da15-467d-8691-1dea392d4c8d</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-06-13<br>Entry 2017-06-13<br>Modified 2017-09-19<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 54.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.2.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.2.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.2.0 </blockquote><br> CVE-2017-5470<br> CVE-2017-5471<br> CVE-2017-5472<br> CVE-2017-7749<br> CVE-2017-7750<br> CVE-2017-7751<br> CVE-2017-7752<br> CVE-2017-7754<br> CVE-2017-7755<br> CVE-2017-7756<br> CVE-2017-7757<br> CVE-2017-7758<br> CVE-2017-7759<br> CVE-2017-7760<br> CVE-2017-7761<br> CVE-2017-7762<br> CVE-2017-7763<br> CVE-2017-7764<br> CVE-2017-7765<br> CVE-2017-7766<br> CVE-2017-7767<br> CVE-2017-7768<br> CVE-2017-7778<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6.html">05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/"> <p>CVE-2019-11751: Malicious code execution through command line parameters</p> <p>CVE-2019-11746: Use-after-free while manipulating video</p> <p>CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML</p> <p>CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images</p> <p>CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service</p> <p>CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location</p> <p>CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB</p> <p>CVE-2019-9812: Sandbox escape through Firefox Sync</p> <p>CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com</p> <p>CVE-2019-11743: Cross-origin access to unload event attributes</p> <p>CVE-2019-11748: Persistence of WebRTC permissions in a third party context</p> <p>CVE-2019-11749: Camera information available without prompting using getUserMedia</p> <p>CVE-2019-5849: Out-of-bounds read in Skia</p> <p>CVE-2019-11750: Type confusion in Spidermonkey</p> <p>CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard</p> <p>CVE-2019-11738: Content security policy bypass through hash-based sources in directives</p> <p>CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list</p> <p>CVE-2019-11734: Memory safety bugs fixed in Firefox 69</p> <p>CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1</p> <p>CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9</p> </blockquote> <br>Discovery 2019-09-03<br>Entry 2019-09-03<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 69.0,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.14 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 61.0,1 lt 68.1.0,1</blockquote><br> <blockquote>< 60.9.0,1 </blockquote><br> linux-firefox<br> <blockquote>ge 61.0,2 lt 68.1.0,2</blockquote><br> <blockquote>< 60.9.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 61.0 lt 68.1.0</blockquote><br> <blockquote>< 60.9.0 </blockquote><br> CVE-2019-11734<br> CVE-2019-11735<br> CVE-2019-11736<br> CVE-2019-11737<br> CVE-2019-11738<br> CVE-2019-11740<br> CVE-2019-11741<br> CVE-2019-11742<br> CVE-2019-11743<br> CVE-2019-11744<br> CVE-2019-11746<br> CVE-2019-11747<br> CVE-2019-11748<br> CVE-2019-11749<br> CVE-2019-11750<br> CVE-2019-11751<br> CVE-2019-11752<br> CVE-2019-11753<br> CVE-2019-5849<br> CVE-2019-9812<br> https://www.mozilla.org/security/advisories/mfsa2019-25/<br> https://www.mozilla.org/security/advisories/mfsa2019-26/<br> https://www.mozilla.org/security/advisories/mfsa2019-27/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d10b49b2-8d02-49e8-afde-0844626317af.html">d10b49b2-8d02-49e8-afde-0844626317af</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/"> <p>CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module</p> <p>CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11</p> <p>CVE-2018-18492: Use-after-free with select element</p> <p>CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia</p> <p>CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs</p> <p>CVE-2018-18495: WebExtension content scripts can be loaded in about: pages</p> <p>CVE-2018-18496: Embedded feed preview page can be abused for clickjacking</p> <p>CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators</p> <p>CVE-2018-18498: Integer overflow when calculating buffer sizes for images</p> <p>CVE-2018-12406: Memory safety bugs fixed in Firefox 64</p> <p>CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4</p> </blockquote> <br>Discovery 2018-12-11<br>Entry 2018-12-11<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 64.0_3,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.6 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.4.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.4.0 </blockquote><br> CVE-2018-12405<br> CVE-2018-12406<br> CVE-2018-12407<br> CVE-2018-17466<br> CVE-2018-18492<br> CVE-2018-18493<br> CVE-2018-18494<br> CVE-2018-18495<br> CVE-2018-18496<br> CVE-2018-18497<br> CVE-2018-18498<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/555b244e-6b20-4546-851f-d8eb7d6c1ffa.html">555b244e-6b20-4546-851f-d8eb7d6c1ffa</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-08-08<br>Entry 2017-08-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 55.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.3.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.3.0 </blockquote><br> CVE-2017-7753<br> CVE-2017-7779<br> CVE-2017-7780<br> CVE-2017-7781<br> CVE-2017-7782<br> CVE-2017-7783<br> CVE-2017-7784<br> CVE-2017-7785<br> CVE-2017-7786<br> CVE-2017-7787<br> CVE-2017-7788<br> CVE-2017-7789<br> CVE-2017-7790<br> CVE-2017-7791<br> CVE-2017-7792<br> CVE-2017-7794<br> CVE-2017-7796<br> CVE-2017-7797<br> CVE-2017-7798<br> CVE-2017-7799<br> CVE-2017-7800<br> CVE-2017-7801<br> CVE-2017-7802<br> CVE-2017-7803<br> CVE-2017-7804<br> CVE-2017-7806<br> CVE-2017-7807<br> CVE-2017-7808<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c71cdc95-3c18-45b7-866a-af28b59aabb5.html">c71cdc95-3c18-45b7-866a-af28b59aabb5</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/"> <p>CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList</p> <p>CVE-2018-5128: Use-after-free manipulating editor selection ranges</p> <p>CVE-2018-5129: Out-of-bounds write with malformed IPC messages</p> <p>CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption</p> <p>CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources</p> <p>CVE-2018-5132: WebExtension Find API can search privileged pages</p> <p>CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized</p> <p>CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions</p> <p>CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts</p> <p>CVE-2018-5136: Same-origin policy violation with data: URL shared workers</p> <p>CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources</p> <p>CVE-2018-5138: Android Custom Tab address spoofing through long domain names</p> <p>CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol</p> <p>CVE-2018-5141: DOS attack through notifications Push API</p> <p>CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs</p> <p>CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar</p> <p>CVE-2018-5126: Memory safety bugs fixed in Firefox 59</p> <p>CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7</p> </blockquote> <br>Discovery 2018-03-13<br>Entry 2018-03-13<br>Modified 2018-03-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 59.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.4.36_3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.3 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.7.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.7.0 </blockquote><br> CVE-2018-5125<br> CVE-2018-5126<br> CVE-2018-5127<br> CVE-2018-5128<br> CVE-2018-5129<br> CVE-2018-5130<br> CVE-2018-5131<br> CVE-2018-5132<br> CVE-2018-5133<br> CVE-2018-5134<br> CVE-2018-5135<br> CVE-2018-5136<br> CVE-2018-5137<br> CVE-2018-5138<br> CVE-2018-5140<br> CVE-2018-5141<br> CVE-2018-5142<br> CVE-2018-5143<br> https://www.mozilla.org/security/advisories/mfsa2018-06/<br> https://www.mozilla.org/security/advisories/mfsa2018-07/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d1853110-07f4-4645-895b-6fd462ad0589.html">d1853110-07f4-4645-895b-6fd462ad0589</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2016-11-15<br>Entry 2016-11-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 50.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.47 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.5.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.5.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.5.0 </blockquote><br> CVE-2016-5289<br> CVE-2016-5290<br> CVE-2016-5291<br> CVE-2016-5292<br> CVE-2016-5293<br> CVE-2016-5294<br> CVE-2016-5295<br> CVE-2016-5296<br> CVE-2016-5297<br> CVE-2016-5298<br> CVE-2016-5299<br> CVE-2016-9061<br> CVE-2016-9062<br> CVE-2016-9063<br> CVE-2016-9064<br> CVE-2016-9065<br> CVE-2016-9066<br> CVE-2016-9067<br> CVE-2016-9068<br> CVE-2016-9070<br> CVE-2016-9071<br> CVE-2016-9072<br> CVE-2016-9073<br> CVE-2016-9074<br> CVE-2016-9075<br> CVE-2016-9076<br> CVE-2016-9077<br> https://www.mozilla.org/security/advisories/mfsa2016-89/<br> https://www.mozilla.org/security/advisories/mfsa2016-90/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e60169c4-aa86-46b0-8ae2-0d81f683df09.html">e60169c4-aa86-46b0-8ae2-0d81f683df09</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-01-24<br>Entry 2017-01-24<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 51.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.48 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.7.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.7.0 </blockquote><br> CVE-2017-5373<br> CVE-2017-5374<br> CVE-2017-5375<br> CVE-2017-5376<br> CVE-2017-5377<br> CVE-2017-5378<br> CVE-2017-5379<br> CVE-2017-5380<br> CVE-2017-5381<br> CVE-2017-5382<br> CVE-2017-5383<br> CVE-2017-5384<br> CVE-2017-5385<br> CVE-2017-5386<br> CVE-2017-5387<br> CVE-2017-5388<br> CVE-2017-5389<br> CVE-2017-5390<br> CVE-2017-5391<br> CVE-2017-5392<br> CVE-2017-5393<br> CVE-2017-5394<br> CVE-2017-5395<br> CVE-2017-5396<br> https://www.mozilla.org/security/advisories/mfsa2017-01/<br> https://www.mozilla.org/security/advisories/mfsa2017-02/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8065d37b-8e7c-4707-a608-1b0a2b8509c3.html">8065d37b-8e7c-4707-a608-1b0a2b8509c3</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47"> <p>MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)</p> <p>MFSA 2016-50 Buffer overflow parsing HTML5 fragments</p> <p>MFSA 2016-51 Use-after-free deleting tables from a contenteditable document</p> <p>MFSA 2016-52 Addressbar spoofing though the SELECT element</p> <p>MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI</p> <p>MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction</p> <p>MFSA 2016-57 Incorrect icon displayed on permissions notifications</p> <p>MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission</p> <p>MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes</p> <p>MFSA 2016-60 Java applets bypass CSP protections</p> </blockquote> <br>Discovery 2016-06-07<br>Entry 2016-06-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 47.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.44 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.2.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.2.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.2.0 </blockquote><br> CVE-2016-2815<br> CVE-2016-2818<br> CVE-2016-2819<br> CVE-2016-2821<br> CVE-2016-2822<br> CVE-2016-2825<br> CVE-2016-2828<br> CVE-2016-2829<br> CVE-2016-2831<br> CVE-2016-2832<br> CVE-2016-2833<br> https://www.mozilla.org/security/advisories/mfsa2016-49/<br> https://www.mozilla.org/security/advisories/mfsa2016-50/<br> https://www.mozilla.org/security/advisories/mfsa2016-51/<br> https://www.mozilla.org/security/advisories/mfsa2016-52/<br> https://www.mozilla.org/security/advisories/mfsa2016-54/<br> https://www.mozilla.org/security/advisories/mfsa2016-56/<br> https://www.mozilla.org/security/advisories/mfsa2016-57/<br> https://www.mozilla.org/security/advisories/mfsa2016-58/<br> https://www.mozilla.org/security/advisories/mfsa2016-59/<br> https://www.mozilla.org/security/advisories/mfsa2016-60/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c96d416a-eae7-4d5d-bc84-40deca9329fb.html">c96d416a-eae7-4d5d-bc84-40deca9329fb</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/"> <p>CVE-2018-12377: Use-after-free in refresh driver timers</p> <p>CVE-2018-12378: Use-after-free in IndexedDB</p> <p>CVE-2018-12379: Out-of-bounds write with malicious MAR file</p> <p>CVE-2017-16541: Proxy bypass using automount and autofs</p> <p>CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation</p> <p>CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android</p> <p>CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords</p> <p>CVE-2018-12375: Memory safety bugs fixed in Firefox 62</p> <p>CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2</p> </blockquote> <br>Discovery 2018-09-05<br>Entry 2018-09-05<br>Modified 2018-09-15<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 62.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.5 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.2.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.2.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.2 </blockquote><br> CVE-2017-16541<br> CVE-2018-12375<br> CVE-2018-12376<br> CVE-2018-12377<br> CVE-2018-12378<br> CVE-2018-12379<br> CVE-2018-12381<br> CVE-2018-12382<br> CVE-2018-12383<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/18f39fb6-7400-4063-acaf-0806e92c094f.html">18f39fb6-7400-4063-acaf-0806e92c094f</a></td><td>Mozilla -- SVG Animation Remote Code Execution<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/"> <p>A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.</p> </blockquote> <br>Discovery 2016-11-30<br>Entry 2016-12-01<br>Modified 2016-12-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 50.0.2,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.5.1,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.5.1,2 </blockquote><br> seamonkey<br> <blockquote>< 2.46 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.46 </blockquote><br> libxul<br> <blockquote>< 45.5.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 45.5.1 </blockquote><br> linux-thunderbird<br> <blockquote>< 45.5.1 </blockquote><br> CVE-2016-9079<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/<br> </td></tr> </table> </body> </html>