From ced630b5ed0eb8329d7d5bba45658f1bdb131950 Mon Sep 17 00:00:00 2001 From: Jan Beich Date: Tue, 5 Dec 2017 23:31:08 +0000 Subject: security/vuxml: mark firefox < 57.0.1 as vulnerable --- security/vuxml/vuln.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c0948db9f20d..554dbe77b379 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,52 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + mozilla -- multiple vulnerabilities + + + firefox + 57.0,157.0.1,1 + 56.0.2_11,1 + + + waterfox + 56.0.s20171130 + + + seamonkey + linux-seamonkey + 2.49.2 + + + firefox-esr + 52.5.1,1 + + + linux-firefox + 52.5.1,2 + + + + +

Mozilla Foundation reports:

+
CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data
+
CVE-2017-7844: Visited history information leak through SVG image
+

+ + + + CVE-2017-7843 + CVE-2017-7844 + https://www.mozilla.org/security/advisories/mfsa2017-27/ + + + 2017-11-29 + 2017-12-05 + + + varnish -- information disclosure vulnerability -- cgit v1.2.3