FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-08 17:51:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a3a1caf5-6ba1-11ef-b9e8-b42e991fc52e	firefox -- multiple vulnerabilities security@mozilla.org reports: This entry contains 8 vulnerabilities: CVE-2024-8381: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. CVE-2024-8382: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. CVE-2024-8383: Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. CVE-2024-8384: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. CVE-2024-8385: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. CVE-2024-8386: If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. CVE-2024-8387: Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. CVE-2024-8389: Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Discovery 2024-09-03 Entry 2024-09-05 firefox < 130.0_1,2 CVE-2024-8381 https://nvd.nist.gov/vuln/detail/CVE-2024-8381 CVE-2024-8382 https://nvd.nist.gov/vuln/detail/CVE-2024-8382 CVE-2024-8383 https://nvd.nist.gov/vuln/detail/CVE-2024-8383 CVE-2024-8384 https://nvd.nist.gov/vuln/detail/CVE-2024-8384 CVE-2024-8385 https://nvd.nist.gov/vuln/detail/CVE-2024-8385 CVE-2024-8386 https://nvd.nist.gov/vuln/detail/CVE-2024-8386 CVE-2024-8387 https://nvd.nist.gov/vuln/detail/CVE-2024-8387 CVE-2024-8389 https://nvd.nist.gov/vuln/detail/CVE-2024-8389

VuXML ID

Description

a3a1caf5-6ba1-11ef-b9e8-b42e991fc52e

firefox -- multiple vulnerabilities

security@mozilla.org reports:

This entry contains 8 vulnerabilities:

CVE-2024-8381: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment.

CVE-2024-8382: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console.

CVE-2024-8383: Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will.

CVE-2024-8384: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption.

CVE-2024-8385: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability.

CVE-2024-8386: If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack.

CVE-2024-8387: Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2024-8389: Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Discovery 2024-09-03
Entry 2024-09-05
firefox

< 130.0_1,2

CVE-2024-8381
https://nvd.nist.gov/vuln/detail/CVE-2024-8381
CVE-2024-8382
https://nvd.nist.gov/vuln/detail/CVE-2024-8382
CVE-2024-8383
https://nvd.nist.gov/vuln/detail/CVE-2024-8383
CVE-2024-8384
https://nvd.nist.gov/vuln/detail/CVE-2024-8384
CVE-2024-8385
https://nvd.nist.gov/vuln/detail/CVE-2024-8385
CVE-2024-8386
https://nvd.nist.gov/vuln/detail/CVE-2024-8386
CVE-2024-8387
https://nvd.nist.gov/vuln/detail/CVE-2024-8387
CVE-2024-8389
https://nvd.nist.gov/vuln/detail/CVE-2024-8389