FreeBSD Bugzilla – Attachment 174541 Details for
Bug 212463
mail/thunderbird: update to 45.3.0
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
vuln.xml fragment for mozilla 48/45.3esr
vuln.xml_mozilla (text/plain), 5.69 KB, created by
Christoph Moench-Tegeder
on 2016-09-08 19:46:05 UTC
(
hide
)
Description:
vuln.xml fragment for mozilla 48/45.3esr
Filename:
MIME Type:
Creator:
Christoph Moench-Tegeder
Created:
2016-09-08 19:46:05 UTC
Size:
5.69 KB
patch
obsolete
> <vuln vid="aa1aefe3-6e37-47db-bfda-343ef4acb1b5"> > <topic>Mozilla -- multiple vulnerabilities</topic> > <affects> > <package> > <name>firefox</name> > <range><lt>48.0,1</lt></range> > </package> > <package> > <name>firefox-esr</name> > <range><lt>45.3.0,1</lt></range> > </package> > <package> > <name>linux-firefox</name> > <range><lt>45.3.0,2</lt></range> > </package> > <package> > <name>libxul</name> > <name>thunderbird</name> > <name>linux-thunderbird</name> > <range><lt>45.3.0</lt></range> > </package> > </affects> > <description> > <body xmlns="http://www.w3.org/1999/xhtml"> > <p>Mozilla Foundation reports:</p> > <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.3"> > <p>MFSA2016-84 Information disclosure through Resource Timing API \ > during page navigation</p> > <p>MFSA2016-83 Spoofing attack through text injection into \ > internal error pages</p> > <p>MFSA2016-82 Addressbar spoofing with right-to-left characters \ > on Firefox for Android</p> > <p>MFSA2016-81 Information disclosure and local file \ > manipulation through drag and drop</p> > <p>MFSA2016-80 Same-origin policy violation using local HTML > file and saved shortcut file</p> > <p>MFSA2016-79 Use-after-free when applying SVG effects</p> > <p>MFSA2016-78 Type confusion in display transformation</p> > <p>MFSA2016-77 Buffer overflow in ClearKey Content Decryption > Module (CDM) during video playback</p> > <p>MFSA2016-76 Scripts on marquee tag can execute in sandboxed > iframes</p> > <p>MFSA2016-75 Integer overflow in WebSockets during data \ > buffering</p> > <p>MFSA2016-74 Form input type change from password to text \ > can store plain text password in session restore file</p> > <p>MFSA2016-73 Use-after-free in service workers with nested > sync events</p> > <p>MFSA2016-72 Use-after-free in DTLS during WebRTC session > shutdown</p> > <p>MFSA2016-71 Crash in incremental garbage collection in \ > JavaScript</p> > <p>MFSA2016-70 Use-after-free when using alt key and toplevel > menus</p> > <p>MFSA2016-69 Arbitrary file manipulation by local user through \ > Mozilla updater and callback application path parameter</p> > <p>MFSA2016-68 Out-of-bounds read during XML parsing in \ > Expat library</p> > <p>MFSA2016-67 Stack underflow during 2D graphics rendering</p> > <p>MFSA2016-66 Location bar spoofing via data URLs with \ > malformed/invalid mediatypes</p> > <p>MFSA2016-65 Cairo rendering crash due to memory allocation > issue with FFmpeg 0.10</p> > <p>MFSA2016-64 Buffer overflow rendering SVG with bidirectional > content</p> > <p>MFSA2016-63 Favicon network connection can persist when page > is closed</p> > <p>MFSA2016-62 Miscellaneous memory safety hazards (rv:48.0 / > rv:45.3)</p> > </blockquote> > </body> > </description> > <references> > <cvename>CVE-2016-0718</cvename> > <cvename>CVE-2016-2830</cvename> > <cvename>CVE-2016-2835</cvename> > <cvename>CVE-2016-2836</cvename> > <cvename>CVE-2016-2837</cvename> > <cvename>CVE-2016-2838</cvename> > <cvename>CVE-2016-2839</cvename> > <cvename>CVE-2016-5250</cvename> > <cvename>CVE-2016-5251</cvename> > <cvename>CVE-2016-5252</cvename> > <cvename>CVE-2016-5253</cvename> > <cvename>CVE-2016-5254</cvename> > <cvename>CVE-2016-5255</cvename> > <cvename>CVE-2016-5258</cvename> > <cvename>CVE-2016-5259</cvename> > <cvename>CVE-2016-5260</cvename> > <cvename>CVE-2016-5261</cvename> > <cvename>CVE-2016-5262</cvename> > <cvename>CVE-2016-5263</cvename> > <cvename>CVE-2016-5264</cvename> > <cvename>CVE-2016-5265</cvename> > <cvename>CVE-2016-5266</cvename> > <cvename>CVE-2016-5267</cvename> > <cvename>CVE-2016-5268</cvename> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/</url> > <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/</url> > </references> > <dates> > <discovery>2016-08-30</discovery> > <entry>2016-09-07</entry> > </dates> > </vuln>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=174541">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
jbeich
:
maintainer-approval+
Actions:
View
Attachments on
bug 212463
:
174482
|
174483
|
174484
|
174517
| 174541