From nobody Mon Aug 19 20:25:55 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wnkcz3Y6vz5TRTV; Mon, 19 Aug 2024 20:25:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wnkcz2nDHz4kTr; Mon, 19 Aug 2024 20:25:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724099155; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DvmjDGDAKbX8Sp9Umr6Z5POqSQHL0O5eJ6hVfFp/9xc=; b=BSu1fj7KXYUw+6IE/7NGzOXU0WpVQMtfb+bB9/tywHFbNIadph3OCUmPByupf2mNT20nY0 uyb07eokk4sVqm6/bg2sNI0z6j8ygx9YFj28whZt3Xn5z13PAF1RnEwxB4xmTWXYTxR5q3 ur/2E5C120HpUlq2kiYVNM5jC1Kt3UeiBd9iQy/Tqb2uzFFiC7FVV7vw0vbkPJA3QPj5GH p5EfT+m9zIIiL4+m9uomIicXt3F94e4SGYJUS3ckl3neW5vz1LVF5PKTYGLtqVllLTPGQb ojwR7NIGJ4kpYZwyH8F6cZj4wyRjWA4iJaXB4abmjQ5BbkBu2K0IDOLi8QdY+g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724099155; a=rsa-sha256; cv=none; b=GYhCWtIHKlVw7KEXgn29xFSMILATl6V68LqiryMNpFb/pfQl7G+hvKpgdE3Kpec8Ia7f6i hsfDYU0NaTno+rysoM0d+OhkA2LJ5kCXrAihaxU+LeNVWh1EcO0W0k+pILTqzHdSN48aM9 pKoiV8V+EkDviBO1gGPVAqEy70nrt7TTqQTi+UZEf/OE7E1Y9CUYop1H2FvsRapWgR4pgK PBjdHP4lNqJ69ixdZjF6W+uKeI/t2hMU7XWuDSIOmOJgRPpzXr/rD92pRJdcu8ESW6katS Mu5Gf/3D6SP3OHCPRv1t3peoxEf0wyOtx2AJTtwjDtjC5cAdD2C9rDjIx5DZnw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724099155; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DvmjDGDAKbX8Sp9Umr6Z5POqSQHL0O5eJ6hVfFp/9xc=; b=GMjoF5/o4y50Wjrj2veYmvy4AxpTWuEh0RXc+0q0d1tFCt6xOUzoVnf2OFYU/HrhvZDdfh cicS5fIS4i87cDuICxII5AYaiHOcG7JC37r8d66f02jOJqHrk88OZtcF+1I+626bUALuqa TvRvDBazShhwl5R2wVYe77bOFNJnS7We0C/VKVFPCHo+z3ZKjU8YTE2roWvmfFDv2dqWIN vE6P/F5Q0Cy7GFuncmzFY9KSJXKHbeDmTqAOb0ejbW4ynOqNpveN+Obmazx0uuhzGNFPqo ACRdkvxQE2qbvLLIWIaLgFFL2xHe9En3Ucf67IJebfJG9/D450SoPX50RR6VLA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wnkcz2GklzX2R; Mon, 19 Aug 2024 20:25:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 47JKPtR0088665; Mon, 19 Aug 2024 20:25:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 47JKPtKv088662; Mon, 19 Aug 2024 20:25:55 GMT (envelope-from git) Date: Mon, 19 Aug 2024 20:25:55 GMT Message-Id: <202408192025.47JKPtKv088662@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Fernando =?utf-8?Q?Apestegu=C3=ADa?= Subject: git: 45ab0e1eb086 - main - security/vuxml: Record firefox spoofing vulnerability List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 45ab0e1eb0868171c96fd550f571f31bb38bc98c Auto-Submitted: auto-generated The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=45ab0e1eb0868171c96fd550f571f31bb38bc98c commit 45ab0e1eb0868171c96fd550f571f31bb38bc98c Author: Fernando ApesteguĂ­a AuthorDate: 2024-08-19 20:24:12 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2024-08-19 20:25:39 +0000 security/vuxml: Record firefox spoofing vulnerability CVE-2024-7518 * Base Score: 6.5 MEDIUM * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N --- security/vuxml/vuln/2024.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 28b5da1474d5..1fa93858ab61 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,32 @@ + + mozilla products -- spoofing attack + + + firefox + 129 + + + + +

security@mozilla.org reports:

+
+

Select options could obscure the fullscreen notification dialog. + This could be used by a malicious site to perform a spoofing attack. + This vulnerability affects Firefox < 129, Firefox ESR < 128.1, + and Thunderbird < 128.1.

+
+ + + + CVE-2024-7518 + https://nvd.nist.gov/vuln/detail/CVE-2024-7518 + + + 2024-08-06 + 2024-08-19 + + + electron31 -- multiple vulnerabilities