git: d62ea8c0ed16 - main - security/vuxml: Entries for mozilla products

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Fernando Apesteguía <fernape_at_FreeBSD.org>
Date: Fri, 07 Feb 2025 16:49:49 UTC
The branch main has been updated by fernape:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d62ea8c0ed16eade163e7af7293829dad0a4dcd2

commit d62ea8c0ed16eade163e7af7293829dad0a4dcd2
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2025-02-07 16:47:56 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2025-02-07 16:48:21 +0000

    security/vuxml: Entries for mozilla products
    
    CVE-2025-10{09,10,11,12,13,14,15,16,17,18,19,20}
---
 security/vuxml/vuln/2025.xml | 172 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 172 insertions(+)

diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index d237a93416e7..1a7462c511a2 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,175 @@
+  <vuln vid="20485d27-e540-11ef-a845-b42e991fc52e">
+    <topic>mozilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>firefox</name>
+	<range><lt>135.0.0,2</lt></range>
+      </package>
+      <package>
+	<name>firefox-esr</name>
+	<range><lt>128.7,1</lt></range>
+      </package>
+      <package>
+	<name>thunderbird</name>
+	<range><lt>128.7</lt></range>
+	<range><gt>129</gt><lt>135</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>security@mozilla.org reports:</p>
+	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471">
+	<p>A bug in WebAssembly code generation could have lead to a crash.
+	It may have been possible for an attacker to leverage this to achieve
+	code execution.</p>
+	<p>A race condition could have led to private browsing tabs being
+	opened in normal browsing windows.  This could have resulted in a
+	potential privacy leak.</p>
+	<p>Certificate length was not properly checked when added to a certificate
+	store.  In practice only trusted data was processed.</p>
+	<p>Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox
+	ESR 128.6, and Thunderbird 128.6.  Some of these bugs showed evidence
+	of memory corruption and we presume that with enough effort some
+	of these could have been exploited to run arbitrary code.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-1011</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1011</url>
+      <cvename>CVE-2025-1013</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1013</url>
+      <cvename>CVE-2025-1014</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1014</url>
+      <cvename>CVE-2025-1017</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1017</url>
+    </references>
+    <dates>
+      <discovery>2025-02-04</discovery>
+      <entry>2025-02-07</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f7ca4ff7-e53f-11ef-a845-b42e991fc52e">
+    <topic>mozilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>mozilla</name>
+	<range><lt>135.0.0,2</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>security@mozilla.org reports:</p>
+	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1939063%2C1942169">
+	  <p>Memory safety bugs present in Firefox 134 and Thunderbird 134.  Some
+	of these bugs showed evidence of memory corruption and we presume
+	that with enough effort some of these could have been exploited to
+	run arbitrary code.</p>
+	  <p>The fullscreen notification is prematurely hidden when fullscreen
+	is re-requested quickly by the user.  This could have been leveraged
+	to perform a potential spoofing attack.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-1018</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1018</url>
+      <cvename>CVE-2025-1019</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1019</url>
+      <cvename>CVE-2025-1020</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1020</url>
+    </references>
+    <dates>
+      <discovery>2025-02-04</discovery>
+      <entry>2025-02-07</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e54a1413-e539-11ef-a845-b42e991fc52e">
+    <topic>mozilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>firefox</name>
+	<range><lt>135.0.0,2</lt></range>
+      </package>
+      <package>
+	<name>firefox-esr</name>
+	<range><lt>115.20,1</lt></range>
+	<range><gt>116.0,1</gt><lt>128.6,1</lt></range>
+      </package>
+      <package>
+	<name>thunderbird</name>
+	<range><lt>128.7</lt></range>
+	<range><gt>129</gt><lt>135</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>security@mozilla.org reports:</p>
+	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994">
+	<p>An attacker could have caused a use-after-free via crafted XSLT
+	data, leading to a potentially exploitable crash.</p>
+	<p>An attacker could have caused a use-after-free via the Custom
+	Highlight API, leading to a potentially exploitable crash.</p>
+	<p>A race during concurrent delazification could have led to a
+	use-after-free.</p>
+	<p>Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox
+	ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird
+	128.6.  Some of these bugs showed evidence of memory corruption and
+	we presume that with enough effort some of these could have been
+	exploited to run arbitrary code.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-1009</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1009</url>
+      <cvename>CVE-2025-1010</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1010</url>
+      <cvename>CVE-2025-1012</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1012</url>
+      <cvename>CVE-2025-1016</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1016</url>
+    </references>
+    <dates>
+      <discovery>2025-02-04</discovery>
+      <entry>2025-02-07</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="830381c7-e539-11ef-a845-b42e991fc52e">
+    <topic>Thundirbird -- unprivileged JavaScript code execution</topic>
+    <affects>
+      <package>
+	<name>mozilla</name>
+	<range><lt>128.7,1</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>security@mozilla.org reports:</p>
+	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1939458">
+	  <p>The Thunderbird Address Book URI fields contained unsanitized links.
+	This could be used by an attacker to create and export an address
+	book containing a malicious payload in a field.  For example, in
+	the Other field of the Instant Messaging section.  If another user
+	imported the address book, clicking on the link could result in
+	opening a web page inside Thunderbird, and that page could execute
+	(unprivileged) JavaScript.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-1015</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1015</url>
+    </references>
+    <dates>
+      <discovery>2025-02-04</discovery>
+      <entry>2025-02-07</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="7bcfca95-e563-11ef-873e-8447094a420f">
     <topic>MariaDB -- DoS vulnerability in InnoDB</topic>
     <affects>