FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-02-20 09:44:03 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
20485d27-e540-11ef-a845-b42e991fc52e	mozilla -- multiple vulnerabilities security@mozilla.org reports: A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Discovery 2025-02-04 Entry 2025-02-07 firefox < 135.0.0,2 firefox-esr < 128.7,1 thunderbird < 128.7 > 129 lt 135 CVE-2025-1011 https://nvd.nist.gov/vuln/detail/CVE-2025-1011 CVE-2025-1013 https://nvd.nist.gov/vuln/detail/CVE-2025-1013 CVE-2025-1014 https://nvd.nist.gov/vuln/detail/CVE-2025-1014 CVE-2025-1017 https://nvd.nist.gov/vuln/detail/CVE-2025-1017
e54a1413-e539-11ef-a845-b42e991fc52e	mozilla -- multiple vulnerabilities security@mozilla.org reports: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A race during concurrent delazification could have led to a use-after-free. Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Discovery 2025-02-04 Entry 2025-02-07 firefox < 135.0.0,2 firefox-esr < 115.20,1 > 116.0,1 lt 128.6,1 thunderbird < 128.7 > 129 lt 135 CVE-2025-1009 https://nvd.nist.gov/vuln/detail/CVE-2025-1009 CVE-2025-1010 https://nvd.nist.gov/vuln/detail/CVE-2025-1010 CVE-2025-1012 https://nvd.nist.gov/vuln/detail/CVE-2025-1012 CVE-2025-1016 https://nvd.nist.gov/vuln/detail/CVE-2025-1016

VuXML ID

Description

20485d27-e540-11ef-a845-b42e991fc52e

mozilla -- multiple vulnerabilities

security@mozilla.org reports:

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution.

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak.

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed.

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Discovery 2025-02-04
Entry 2025-02-07
firefox

< 135.0.0,2

firefox-esr

< 128.7,1

thunderbird

< 128.7

> 129 lt 135

CVE-2025-1011
https://nvd.nist.gov/vuln/detail/CVE-2025-1011
CVE-2025-1013
https://nvd.nist.gov/vuln/detail/CVE-2025-1013
CVE-2025-1014
https://nvd.nist.gov/vuln/detail/CVE-2025-1014
CVE-2025-1017
https://nvd.nist.gov/vuln/detail/CVE-2025-1017

e54a1413-e539-11ef-a845-b42e991fc52e