SeaMonkey and XULRunner are likely affected as well but not listed in MFSAs. Taking discovery date as the commit date of the latest fix in the series under esr24 branch. <vuln vid="da2e025f-a78d-46e4-83ee-7c65f9897f11"> <topic>mozilla -- multiple vulnerabilities</topic> <affects> <package> <name>firefox</name> <range><lt>32.0,1</lt></range> </package> <package> <name>linux-firefox</name> <range><lt>32.0,1</lt></range> </package> <package> <name>firefox-esr</name> <range><lt>31.1.0,1</lt></range> </package> <package> <name>linux-thunderbird</name> <range><lt>31.1.0</lt></range> </package> <package> <name>thunderbird</name> <range><lt>31.1.0</lt></range> </package> <package> <name>linux-seamonkey</name> <range><lt>2.29</lt></range> </package> <package> <name>seamonkey</name> <range><lt>2.29</lt></range> </package> <package> <name>libxul</name> <range><lt>24.8.0</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-72 Use-after-free setting text directionality</p> <p>MFSA 2014-71 Profile directory file access through file: protocol</p> <p>MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline</p> <p>MFSA 2014-69 Uninitialized memory use during GIF rendering</p> <p>MFSA 2014-68 Use-after-free during DOM interactions with SVG</p> <p>MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)</p> </blockquote> </body> </description> <references> <cvename>CVE-2014-1553</cvename> <cvename>CVE-2014-1554</cvename> <cvename>CVE-2014-1562</cvename> <cvename>CVE-2014-1563</cvename> <cvename>CVE-2014-1564</cvename> <cvename>CVE-2014-1565</cvename> <cvename>CVE-2014-1566</cvename> <cvename>CVE-2014-1567</cvename> <url>https://www.mozilla.org/security/announce/2014/mfsa2014-67.html</url> <url>https://www.mozilla.org/security/announce/2014/mfsa2014-68.html</url> <url>https://www.mozilla.org/security/announce/2014/mfsa2014-69.html</url> <url>https://www.mozilla.org/security/announce/2014/mfsa2014-70.html</url> <url>https://www.mozilla.org/security/announce/2014/mfsa2014-71.html</url> <url>https://www.mozilla.org/security/announce/2014/mfsa2014-72.html</url> <url>https://www.mozilla.org/security/announce/</url> </references> <dates> <discovery>2014-08-18</discovery> <entry>2014-09-02</entry> </dates> </vuln>
Auto-assigned to maintainer ports-secteam@FreeBSD.org
Moving to gecko@. Probably not worth to bother this late unless VuXML is supposed to be precise about all vulnerabilities.
Hi, Not worth to bother about this late.