git: 86d1aa3caa24 - main - security/vuxml: Add firefox{-esr}, thunderbird vulnerabilities
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 03 Oct 2024 11:18:36 UTC
The branch main has been updated by fernape:
URL: https://cgit.FreeBSD.org/ports/commit/?id=86d1aa3caa24c97cdc63962d13fef16be12c84b7
commit 86d1aa3caa24c97cdc63962d13fef16be12c84b7
Author: Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-10-03 11:17:02 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-10-03 11:18:17 +0000
security/vuxml: Add firefox{-esr}, thunderbird vulnerabilities
CVE-2024-9392
CVE-2024-9396
CVE-2024-9400
CVE-2024-9401
CVE-2024-9402
CVE-2024-9403
---
security/vuxml/vuln/2024.xml | 67 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 41c08dd498a8..d20bff373ce6 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,70 @@
+ <vuln vid="0417d41a-8175-11ef-a5dc-b42e991fc52e">
+ <topic>firefox -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>131.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>128.3.0,1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>128.3.0,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476">
+ <ul>
+ <li>CVE-2024-9392: A compromised content process could have
+ allowed for the arbitrary loading of cross-origin pages.</li>
+ <li>CVE-2024-9396: It is currently unknown if this issue is
+ exploitable but a condition may arise where the structured
+ clone of certain objects could lead to memory corruption.</li>
+ <li>CVE-2024-9400: A potential memory corruption vulnerability
+ could be triggered if an attacker had the ability to trigger
+ an OOM at a specific moment during JIT compilation.</li>
+ <li>CVE-2024-9401: Memory safety bugs present in Firefox 130,
+ Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.
+ Some of these bugs showed evidence of memory corruption and we
+ presume that with enough effort some of these could have been
+ exploited to run arbitrary code.</li>
+ <li>CVE-2024-9402: Memory safety bugs present in Firefox 130,
+ Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs
+ showed evidence of memory corruption and we presume that with
+ enough effort some of these could have been exploited to run
+ arbitrary code.</li>
+ <li>CVE-2024-9403: Memory safety bugs present in Firefox 130.
+ Some of these bugs showed evidence of memory corruption and we
+ presume that with enough effort some of these could have been
+ exploited to run arbitrary code.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2024-9392</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2024-9392</url>
+ <cvename>CVE-2024-9396</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2024-9396</url>
+ <cvename>CVE-2024-9400</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2024-9400</url>
+ <cvename>CVE-2024-9401</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2024-9401</url>
+ <cvename>CVE-2024-9402</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2024-9402</url>
+ <cvename>CVE-2024-9403</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2024-9403</url>
+ </references>
+ <dates>
+ <discovery>2024-10-01</discovery>
+ <entry>2024-10-03</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3c6f8270-3210-4e2f-ba72-a9cdca7417a0">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>