Re: git: 4453cf7eef05 - main - security/vuxml: Record firefox multiple vulnerabilites

From: Ronald Klop <ronald-lists_at_klop.ws>
Date: Thu, 29 Aug 2024 20:42:04 UTC
Hi,

When I read the CVE documents they mention that these are about Firefox for iOS.
The advisory page of Mozilla also talks about Firefox for iOS.
https://www.mozilla.org/en-US/security/advisories/mfsa2024-36/

So I doubt that this is applicable to the FreeBSD package. But you might know things I don't know.

Regards,
Ronald.

 
From: "Fernando Apesteguía" <fernape@FreeBSD.org>
Date: Thursday, 29 August 2024 19:47
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 4453cf7eef05 - main - security/vuxml: Record firefox multiple vulnerabilites
> 
> The branch main has been updated by fernape:
> 
> URL: https://cgit.FreeBSD.org/ports/commit/?id=4453cf7eef05f9ac2b27bda7a87afb7da713f1c4
> 
> commit 4453cf7eef05f9ac2b27bda7a87afb7da713f1c4
> Author:     Fernando Apesteguía <fernape@FreeBSD.org>
> AuthorDate: 2024-08-29 17:43:33 +0000
> Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
> CommitDate: 2024-08-29 17:47:42 +0000
> 
>     security/vuxml: Record firefox multiple vulnerabilites
>     
>     CVE-2024-43111
>      * Base Score:  6.1 MEDIUM
>      * Vector:      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
>     
>     CVE-2024-43112
>      * Base Score:  6.1 MEDIUM
>      * Vector:      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
>     
>     CVE-2024-43113
>      * Base Score:  6.1 MEDIUM
>      * Vector:      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
> ---
>  security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++++++
>  1 file changed, 39 insertions(+)
> 
> diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
> index 7dd64a18968f..e9606c88bfca 100644
> --- a/security/vuxml/vuln/2024.xml
> +++ b/security/vuxml/vuln/2024.xml
> @@ -1,3 +1,42 @@
> +  <vuln vid="44de1b82-662d-11ef-a51b-b42e991fc52e">
> +    <topic>firefox -- multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +   <name>firefox</name>
> +   <range><lt>129</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +   <bodyhttp://www.w3.org/1999/xhtml">http://www.w3.org/1999/xhtml">
> +   <p>security@mozilla.org reports:</p>
> +   <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1874964">
> +     <p>This update includes 3 CVEs:</p>
> +       <ul>
> +         <li>The contextual menu for links could provide an
> +       opportunity for cross-site scripting attacks.</li>
> +         <li>Long pressing on a download link could potentially
> +       provide a means for cross-site scripting.</li>
> +         <li>Long pressing on a download link could potentially
> +       allow Javascript commands to be executed within the
> +       browser.</li>
> +   </ul>
> +   </blockquote>
> +   </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2024-43113</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43113</url>
> +      <cvename>CVE-2024-43112</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43112</url>
> +      <cvename>CVE-2024-43111</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43111</url>
> +    </references>
> +    <dates>
> +      <discovery>2024-08-06</discovery>
> +      <entry>2024-08-29</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="6f2545bb-65e8-11ef-8a0f-a8a1599412c6">
>      <topic>chromium -- multiple security fixes</topic>
>      <affects>
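Review bot: The `<affects>` block marks the `firefox` package below 129 as vulnerable, but nothing in the entry ties these three CVEs to the desktop port. Two of the three quoted items describe "Long pressing on a download link", which is a touch interaction, and the reply in this thread points to mfsa2024-36 as a Firefox for iOS advisory. Please confirm that the FreeBSD `firefox` port is actually affected before keeping `<range><lt>129</lt></range>`, since a false entry will make audits of the installed package flag systems that are not exposed. Separately, the `<blockquote cite=...>` points at a single Bugzilla bug while the quoted text covers all three CVEs, and `<references>` lists only NVD URLs; adding the Mozilla advisory URL there would let readers check the affected product themselves.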
> 
> 
>