FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-04-11 06:28:22 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b31a4e74-109d-11f0-8195-b42e991fc52e	mozilla -- memory corruption security@mozilla.org reports: CVE-2025-1938: Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. CVE-2025-1935: A web page could trick a user into setting that site as the default handler for a custom URL protocol. CVE-2025-1934: It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. Discovery 2025-03-04 Entry 2025-04-03 firefox < 136.0,2 librewolf < 136.0,2 firefox-esr < 128.8,1 thunderbird < 136.0 CVE-2025-1938 https://nvd.nist.gov/vuln/detail/CVE-2025-1938 CVE-2025-1935 https://nvd.nist.gov/vuln/detail/CVE-2025-1935 CVE-2025-1934 https://nvd.nist.gov/vuln/detail/CVE-2025-1934
1a67144d-0d86-11f0-8542-b42e991fc52e	mozilla -- multiple vulnerabilities security@mozilla.org reports: An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136. When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird < 136. Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136. Discovery 2025-03-04 Entry 2025-03-30 firefox < 136.0,2 firefox-esr < 128.8,1 thunderbird < 136.0 thunderbird < 128.8 librewolf < 136.0 CVE-2025-1932 https://nvd.nist.gov/vuln/detail/CVE-2025-1932 CVE-2025-1941 https://nvd.nist.gov/vuln/detail/CVE-2025-1941 CVE-2025-1942 https://nvd.nist.gov/vuln/detail/CVE-2025-1942 CVE-2025-27424 https://nvd.nist.gov/vuln/detail/CVE-2025-27424

VuXML ID

Description

b31a4e74-109d-11f0-8195-b42e991fc52e

mozilla -- memory corruption

security@mozilla.org reports:

CVE-2025-1938: Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2025-1935: A web page could trick a user into setting that site as the default handler for a custom URL protocol.

CVE-2025-1934: It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it.

Discovery 2025-03-04
Entry 2025-04-03
firefox

< 136.0,2

librewolf

< 136.0,2

firefox-esr

< 128.8,1

thunderbird

< 136.0

CVE-2025-1938
https://nvd.nist.gov/vuln/detail/CVE-2025-1938
CVE-2025-1935
https://nvd.nist.gov/vuln/detail/CVE-2025-1935
CVE-2025-1934
https://nvd.nist.gov/vuln/detail/CVE-2025-1934

1a67144d-0d86-11f0-8542-b42e991fc52e

mozilla -- multiple vulnerabilities

security@mozilla.org reports:

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird < 136.

Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136.

Discovery 2025-03-04
Entry 2025-03-30
firefox

< 136.0,2

firefox-esr

< 128.8,1

thunderbird

< 136.0

thunderbird

< 128.8

librewolf

< 136.0

CVE-2025-1932
https://nvd.nist.gov/vuln/detail/CVE-2025-1932
CVE-2025-1941
https://nvd.nist.gov/vuln/detail/CVE-2025-1941
CVE-2025-1942
https://nvd.nist.gov/vuln/detail/CVE-2025-1942
CVE-2025-27424
https://nvd.nist.gov/vuln/detail/CVE-2025-27424