author | Jan Beich <jbeich@FreeBSD.org> | 2019-07-10 01:16:04 +0000 |
---|---|---|
committer | Jan Beich <jbeich@FreeBSD.org> | 2019-07-10 01:16:04 +0000 |
commit | 62f60f6e8c07a8d810d7a04295709a6aa87329ab (patch) | |
tree | 632aee59a12d1e94d378d1bcff2effd0193ec66a | |
parent | security/softether-devel: Update to v4.30-9696-beta (diff) |
security/vuxml: mark firefox < 68 as vulnerable
Notes
Notes:
svn path=/head/; revision=506328
-rw-r--r-- | security/vuxml/vuln.xml | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 253a25550db9..40ad67edfa75 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,96 @@ Notes:
 * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="0592f49f-b3b8-4260-b648-d1718762656c">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>68.0_4,1</lt></range>
+ </package>
+ <package>
+ <name>waterfox</name>
+ <range><lt>56.2.12</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.49.5</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>60.8.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>60.8.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>60.8.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/">
+ <p>CVE-2019-9811: Sandbox escape via installation of malicious language pack</p>
+ <p>CVE-2019-11711: Script injection within domain through inner window reuse</p>
+ <p>CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects</p>
+ <p>CVE-2019-11713: Use-after-free with HTTP/2 cached stream</p>
+ <p>CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread</p>
+ <p>CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault</p>
+ <p>CVE-2019-11715: HTML parsing error can contribute to content XSS</p>
+ <p>CVE-2019-11716: globalThis not enumerable until accessed</p>
+ <p>CVE-2019-11717: Caret character improperly escaped in origins</p>
+ <p>CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML</p>
+ <p>CVE-2019-11719: Out-of-bounds read when importing curve25519 private key</p>
+ <p>CVE-2019-11720: Character encoding XSS vulnerability</p>
+ <p>CVE-2019-11721: Domain spoofing through unicode latin 'kra' character</p>
+ <p>CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin</p>
+ <p>CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries</p>
+ <p>CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions</p>
+ <p>CVE-2019-11725: Websocket resources bypass safebrowsing protections</p>
+ <p>CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3</p>
+ <p>CVE-2019-11728: Port scanning through Alt-Svc header</p>
+ <p>CVE-2019-11710: Memory safety bugs fixed in Firefox 68</p>
+ <p>CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2019-11709</cvename>
+ <cvename>CVE-2019-11710</cvename>
+ <cvename>CVE-2019-11711</cvename>
+ <cvename>CVE-2019-11712</cvename>
+ <cvename>CVE-2019-11713</cvename>
+ <cvename>CVE-2019-11714</cvename>
+ <cvename>CVE-2019-11715</cvename>
+ <cvename>CVE-2019-11716</cvename>
+ <cvename>CVE-2019-11717</cvename>
+ <cvename>CVE-2019-11718</cvename>
+ <cvename>CVE-2019-11719</cvename>
+ <cvename>CVE-2019-11720</cvename>
+ <cvename>CVE-2019-11721</cvename>
+ <cvename>CVE-2019-11723</cvename>
+ <cvename>CVE-2019-11724</cvename>
+ <cvename>CVE-2019-11725</cvename>
+ <cvename>CVE-2019-11727</cvename>
+ <cvename>CVE-2019-11728</cvename>
+ <cvename>CVE-2019-11729</cvename>
+ <cvename>CVE-2019-11730</cvename>
+ <cvename>CVE-2019-9811</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2019-21/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2019-22/</url>
+ </references>
+ <dates>
+ <discovery>2019-07-09</discovery>
+ <entry>2019-07-09</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="23f65f58-a261-11e9-b444-002590acae31">
 <topic>GnuPG -- denial of service</topic>
 <affects>
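Review bot: The firefox bound in the new entry is `<lt>68.0_4,1</lt>`, which is wider than the commit title's "firefox < 68": an installed 68.0 package below port revision 4 will also be reported as vulnerable by `pkg audit`. If that is intended, presumably because the earlier revisions were built from pre-release candidates, the commit message should say so, since the entry itself carries no rationale for the bound. Separately, `<references>` cites only the mfsa2019-21 and mfsa2019-22 advisories, so the waterfox, seamonkey, thunderbird and libxul bounds cannot be checked against a cited source; adding a `<url>` for each downstream project's own advisory or release note, where one exists, would make a later correction of those ranges easier to justify.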
@@ -653,6 +743,10 @@ Notes:
 <range><lt>67.0.4,1</lt></range>
 </package>
 <package>
+ <name>waterfox</name>
+ <range><lt>56.2.12</lt></range>
+ </package>
+ <package>
 <name>firefox-esr</name>
 <range><lt>60.7.2,1</lt></range>
 </package>
@@ -678,6 +772,7 @@ Notes:
 <dates>
 <discovery>2019-06-20</discovery>
 <entry>2019-06-21</entry>
+ <modified>2019-07-09</modified>
 </dates>
 </vuln> |