summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBeat Gaetzi <beat@FreeBSD.org>2011-11-08 17:48:37 +0000
committerBeat Gaetzi <beat@FreeBSD.org>2011-11-08 17:48:37 +0000
commitf7d577b16226e48d2edcfd5bbf13cac12d9e3035 (patch)
tree1bde740382e88c5e40dd4361d801f62ab7659ce3
parentUpdate to 1.1.4. (diff)
- Document mozilla -- multiple vulnerabilities
-rw-r--r--security/vuxml/vuln.xml64
1 files changed, 64 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 33c29bdc70f3..623335a2ba5a 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,70 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="6c8ad3e8-0a30-11e1-9580-4061862b8c22">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><gt>4.0,1</gt><lt>8.0,1</lt></range>
+ <range><gt>3.6.*,1</gt><lt>3.6.24,1</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <range><gt>1.9.2.*</gt><lt>1.9.2.24</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>8.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-thunderbird</name>
+ <range><lt>8.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><gt>4.0</gt><lt>8.0</lt></range>
+ <range><lt>3.1.16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Project reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
+ <p>MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch)</p>
+ <p>MFSA 2011-47 Potential XSS against sites using Shift-JIS</p>
+ <p>MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)</p>
+ <p>MFSA 2011-49 Memory corruption while profiling using Firebug</p>
+ <p>MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D</p>
+ <p>MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU</p>
+ <p>MFSA 2011-52 Code execution via NoWaiverWrapper</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2011-3647</cvename>
+ <cvename>CVE-2011-3648</cvename>
+ <cvename>CVE-2011-3649</cvename>
+ <cvename>CVE-2011-3650</cvename>
+ <cvename>CVE-2011-3651</cvename>
+ <cvename>CVE-2011-3652</cvename>
+ <cvename>CVE-2011-3653</cvename>
+ <cvename>CVE-2011-3654</cvename>
+ <cvename>CVE-2011-3655</cvename>
+ <url>http://www.mozilla.org/security/announce/2011/mfsa2011-46.html</url>
+ <url>http://www.mozilla.org/security/announce/2011/mfsa2011-47.html</url>
+ <url>http://www.mozilla.org/security/announce/2011/mfsa2011-48.html</url>
+ <url>http://www.mozilla.org/security/announce/2011/mfsa2011-49.html</url>
+ <url>http://www.mozilla.org/security/announce/2011/mfsa2011-50.html</url>
+ <url>http://www.mozilla.org/security/announce/2011/mfsa2011-51.html</url>
+ <url>http://www.mozilla.org/security/announce/2011/mfsa2011-52.html</url>
+ </references>
+ <dates>
+ <discovery>2011-11-08</discovery>
+ <entry>2011-11-08</entry>
+ </dates>
+ </vuln>
+
<vuln vid="9dde9dac-08f4-11e1-af36-003067b2972c">
<topic>caml-light - insecure use of temporary files</topic>
<affects>