author: Florian Smeets <flo@FreeBSD.org> 2013-06-26 11:01:34 +0000
committer: Florian Smeets <flo@FreeBSD.org> 2013-06-26 11:01:34 +0000
commit: d24ed7a7b663f5e7f243706e0f25e7b044c02f28 (patch)
tree: 95f37f9850e84f6918dba03cead478194c444dc5 /security
parent: 8c39c78e7c30bcac33fdc4104e347ea1ca1fd899 (diff)
download: ports-d24ed7a7b663f5e7f243706e0f25e7b044c02f28.tar.gz
ports-d24ed7a7b663f5e7f243706e0f25e7b044c02f28.zip
1 files changed, 92 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index b677d4e3a51d..0e5f11991f01 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,98 @@ Note:  Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="b3fcb387-de4b-11e2-b1c6-0025905a4771">
+    <topic>mozilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>firefox</name>
+	<range><gt>18.0,1</gt><lt>22.0,1</lt></range>
+	<range><lt>17.0.7,1</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>17.0.7,1</lt></range>
+      </package>
+      <package>
+	<name>linux-seamonkey</name>
+	<range><lt>2.19</lt></range>
+      </package>
+      <package>
+	<name>linux-thunderbird</name>
+	<range><lt>17.0.7</lt></range>
+      </package>
+      <package>
+	<name>seamonkey</name>
+	<range><lt>2.19</lt></range>
+      </package>
+      <package>
+	<name>thunderbird</name>
+	<range><gt>11.0</gt><lt>17.0.7</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Mozilla Project reports:</p>
+	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
+	  <p>Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)</p>
+	  <p>Title: Memory corruption found using Address Sanitizer</p>
+	  <p>Privileged content access and execution via XBL</p>
+	  <p>Arbitrary code execution within Profiler</p>
+	  <p>Execution of unmapped memory through onreadystatechange</p>
+	  <p>Data in the body of XHR HEAD requests leads to CSRF attacks</p>
+	  <p>SVG filters can lead to information disclosure</p>
+	  <p>PreserveWrapper has inconsistent behavior</p>
+	  <p>Sandbox restrictions not applied to nested frame elements</p>
+	  <p>X-Frame-Options ignored when using server push with multi-part
+	    responses</p>
+	  <p>XrayWrappers can be bypassed to run user defined methods in a
+	    privileged context</p>
+	  <p>getUserMedia permission dialog incorrectly displays location</p>
+	  <p>Homograph domain spoofing in .com, .net and .name</p>
+	  <p>Inaccessible updater can lead to local privilege escalation</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+	<cvename>CVE-2013-1682</cvename>
+	<cvename>CVE-2013-1683</cvename>
+	<cvename>CVE-2013-1684</cvename>
+	<cvename>CVE-2013-1685</cvename>
+	<cvename>CVE-2013-1686</cvename>
+	<cvename>CVE-2013-1687</cvename>
+	<cvename>CVE-2013-1688</cvename>
+	<cvename>CVE-2013-1690</cvename>
+	<cvename>CVE-2013-1692</cvename>
+	<cvename>CVE-2013-1693</cvename>
+	<cvename>CVE-2013-1694</cvename>
+	<cvename>CVE-2013-1695</cvename>
+	<cvename>CVE-2013-1696</cvename>
+	<cvename>CVE-2013-1697</cvename>
+	<cvename>CVE-2013-1698</cvename>
+	<cvename>CVE-2013-1699</cvename>
+	<cvename>CVE-2013-1700</cvename>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-49.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-50.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-51.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-52.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-53.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-54.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-55.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-56.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-57.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-58.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-59.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-60.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-61.html</url>
+	<url>http://www.mozilla.org/security/announce/2013/mfsa2013-62.html</url>
+	<url>http://www.mozilla.org/security/known-vulnerabilities/</url>
+    </references>
+    <dates>
+      <discovery>2013-06-25</discovery>
+      <entry>2013-06-26</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="01cf67b3-dc3b-11e2-a6cd-c48508086173">
     <topic>cURL library -- heap corruption in curl_easy_unescape</topic>
     <affects>
@@ -1477,7 +1569,6 @@ Note:  Please add new entries to the beginning of this file.
 	  <p>MFSA 2013-46 Use-after-free with video and onresize event</p>
 	  <p>MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent</p>
 	  <p>MFSA 2013-48 Memory corruption found using Address Sanitizer</p>
-	  <p> </p>
 	</blockquote>
       </body>
     </description>
author	Florian Smeets <flo@FreeBSD.org>	2013-06-26 11:01:34 +0000
committer	Florian Smeets <flo@FreeBSD.org>	2013-06-26 11:01:34 +0000
commit	d24ed7a7b663f5e7f243706e0f25e7b044c02f28 (patch)
tree	95f37f9850e84f6918dba03cead478194c444dc5 /security
parent	8c39c78e7c30bcac33fdc4104e347ea1ca1fd899 (diff)
download	ports-d24ed7a7b663f5e7f243706e0f25e7b044c02f28.tar.gz ports-d24ed7a7b663f5e7f243706e0f25e7b044c02f28.zip