From nobody Thu Aug 29 17:47:55 2024 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wvpf40Ylhz5TJCF; Thu, 29 Aug 2024 17:47:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wvpf371J2z3x7x; Thu, 29 Aug 2024 17:47:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724953676; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sQGZV9O+vlXDK0/Ruc1X5puDnsLexT63+mm3Ekx+fUw=; b=hqmIt6Fy9szatglMbA6aNIDkJGcobO7TylsKSFcDsboJmcoacCHX5gZEDAgqXe1B3/d2V0 tpgDv4Ch0ucvSrohRwjJVJKz/FDEUd8pBb7yMSYuDzwyQpg8BGKvylBK52z5XwtFUByX4J g4FJJZIIEtz+kGqaFIOpVMJn4sDZKA3A/5dkmIrylEee/Z4gYRMnoahKtoaeJSd9WfRP31 +WAhKrCmcm+PZOLPGfTzrSidY/ZqUXijXHbxmCLERmMAStfwCQQabmozeVRu2yTmMag+91 oePYztcBMmFOWf7h9fM12nezK594esKBoC16KSEKSNAaaMJTv5VodhMF/v8VhQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724953676; a=rsa-sha256; cv=none; b=GcIRaMOM7lqfI+UrCXFMy/Kt/4VuboEfAKgKiT3EPA/F6reF5ITQcWSK/gLRxf8F/K08CM ANbERdIzwJZIY5eXPC/mYbOfBbz8HpXxOEeio01mQD4+Y+qc/NaCEuRMjSM7CBcTJ7hh1D ERD7DGAJnkbyKKvqrW7WaB37y481fXheuQGGncaBdJRvODRnN/gG1AGeByhV1eoeV6bH/b 19IEb0uwPXvWU+4HvovkD2WsTw4A0OEIwucKfYvE2wUHniIZ/Gtj7N9NXsNmpedZSJINGK CpOyCDjr+K1ZXCyTROWGNSYh4kRkI7zw33NJHLS30sbKQEAgg44bb/MXlcnI1g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724953676; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sQGZV9O+vlXDK0/Ruc1X5puDnsLexT63+mm3Ekx+fUw=; b=PBLA1sL2m1Q1atyPgVtbZMoXoyDJpev0K7znFLHvlD7uUUy9CbxqomZ1p4mPsz3TKjWTSF n+ePKZZZdivV5cYQpNMJRkrRipSF6C4Pw5mwFhkuheCPoCJv6Xq5oGhoST+ZGIlFx1RCS4 K6pbXiQmiIOQgZnOImFePFItlsI9tx9Lk4m4IKtvNo81KF9ydO3bNdvuMfqh2vC1+59BBL Aa4vzgR4R08eO9YcGVcMH5zS4v0yeHMatBGPyVvd1LeugJmqrT5DWdTKDR8MVlOeq0epKU J44Pe89T5frJTee7y1A0ImQp/O1PHZZUwpWIxCPYVf9fWz6f7VL/jVke01Xv5Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wvpf36Z6bzRrc; Thu, 29 Aug 2024 17:47:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 47THltPG050013; Thu, 29 Aug 2024 17:47:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 47THltnT050010; Thu, 29 Aug 2024 17:47:55 GMT (envelope-from git) Date: Thu, 29 Aug 2024 17:47:55 GMT Message-Id: <202408291747.47THltnT050010@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Fernando =?utf-8?Q?Apestegu=C3=ADa?= Subject: git: 4453cf7eef05 - main - security/vuxml: Record firefox multiple vulnerabilites List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4453cf7eef05f9ac2b27bda7a87afb7da713f1c4 Auto-Submitted: auto-generated The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=4453cf7eef05f9ac2b27bda7a87afb7da713f1c4 commit 4453cf7eef05f9ac2b27bda7a87afb7da713f1c4 Author: Fernando ApesteguĂ­a AuthorDate: 2024-08-29 17:43:33 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2024-08-29 17:47:42 +0000 security/vuxml: Record firefox multiple vulnerabilites CVE-2024-43111 * Base Score: 6.1 MEDIUM * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2024-43112 * Base Score: 6.1 MEDIUM * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2024-43113 * Base Score: 6.1 MEDIUM * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N --- security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 7dd64a18968f..e9606c88bfca 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,42 @@ + + firefox -- multiple vulnerabilities + + + firefox + 129 + + + + +

security@mozilla.org reports:

+
+

This update includes 3 CVEs:

+
    +
  • The contextual menu for links could provide an + opportunity for cross-site scripting attacks.
    • +
  • Long pressing on a download link could potentially + provide a means for cross-site scripting.
    • +
  • Long pressing on a download link could potentially + allow Javascript commands to be executed within the + browser.
    • +
+
+ + + + CVE-2024-43113 + https://nvd.nist.gov/vuln/detail/CVE-2024-43113 + CVE-2024-43112 + https://nvd.nist.gov/vuln/detail/CVE-2024-43112 + CVE-2024-43111 + https://nvd.nist.gov/vuln/detail/CVE-2024-43111 + + + 2024-08-06 + 2024-08-29 + + + chromium -- multiple security fixes