maintainer-feedback requested: [Bug 220607] www/libxul: Multiple CVEs, update to >= 52.2.0

Mon, 10 Jul 2017 10:57:23 -0700 

Andrew Marks <amra...@gmail.com> has reassigned Bugzilla Automation
<bugzi...@freebsd.org>'s request for maintainer-feedback to ge...@freebsd.org:
Bug 220607: www/libxul: Multiple CVEs, update to >= 52.2.0
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220607



--- Description ---
I've been told these are all applicable, but have not yet done any independent
research.

CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
CVE-2017-7749: Use-after-free during docshell reloading
CVE-2017-7750: Use-after-free with track elements
CVE-2017-7751: Use-after-free with content viewer listeners
CVE-2017-7752: Use-after-free with IME input
CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
CVE-2017-7755: Privilege escalation through Firefox Installer with same
directory DLL files
CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
CVE-2017-7757: Use-after-free in IndexedDB
CVE-2017-7778: Vulnerabilities in the Graphite 2 library
CVE-2017-7758: Out-of-bounds read in Opus encoder
CVE-2017-7759: Android intent URLs can cause navigation to local file system
CVE-2017-7760: File manipulation and privilege escalation via callback
parameter in Mozilla Windows Updater and Maintenance Service
CVE-2017-7761: File deletion and privilege escalation through Mozilla
Maintenance Service helper.exe application
CVE-2017-7762: Addressbar spoofing in Reader mode
CVE-2017-7763: Mac fonts render some unicode characters as spaces
CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other
unicode blocks
CVE-2017-7765: Mark of the Web bypass when saving executable files
CVE-2017-7766: File execution and privilege escalation through updater.ini,
Mozilla Windows Updater, and Mozilla Maintenance Service
CVE-2017-7767: Privilege escalation and arbitrary file overwrites through
Mozilla Windows Updater and Mozilla Maintenance Service
CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
CVE-2017-5471: Memory safety bugs fixed in Firefox 54
CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
_______________________________________________
freebsd-gecko@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-gecko
To unsubscribe, send any mail to "freebsd-gecko-unsubscr...@freebsd.org"

Reply via email to