"J. Lewis Muir" <jlm...@imca-cat.org> writes:
>
> Do you actually use that version for everyday use? According to [1],
> there are many security vulnerabilities that have been fixed since
> Firefox 47, and I would bet many of those vulnerabilities exist in
> Firefox 47. That's OK to you?
>
Yes, I use it everyday. It's not ok to me, but I realize the security
risk and feel there aren't other good browser options.
I also realize NetBSD is a volunteer project, and I'm not trying to
denigrate anyone, but there are lots of other vulnerabilities in stable
pkgsrc now.
At the moment, I've got about ~270 packages installed with about 100
different vulnerabilities, so having a few for a working firefox doesn't
seem like a big deal.
Kind Regards
>lintpkgsrc -i
Scan Makefiles: ..........________________________________
Bogus: ${DISTNAME:tl:S/_pl//}-0.1 (from
/usr/pkgsrc/devel/calltree-perl/Makefile)
Bogus: ${KBUILDNAME:tl}-0.1.9998.8.2814.25 (from
/usr/pkgsrc/devel/kbuild/Makefile)
14960 packages
Version mismatch: 'firefox' 47.0.1 vs 50.1.0
Installed vulnerable packages:
Package jpeg-9b has a multiple-vulnerabilities vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3616
Package jasper-1.900.29nb1 has a unspecified vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9560
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5498
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5499
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5500
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5501
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5502
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5503
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5504
Package openjpeg-2.1.2 has a null-pointer-bug vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9114
Package openjpeg-2.1.2 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9117
Package openjpeg-2.1.2 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9115
Package openjpeg-2.1.2 has a buffer-overflow vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9118
Package openjpeg-2.1.2 has a null-pointer-bug vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9113
Package openjpeg-2.1.2 has a null-pointer-bug vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9116
Package openjpeg-2.1.2 has a floating-point-exception vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9112
Package libarchive-3.2.1nb2 has a denial-of-service vulnerability, see
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5601
Package libarchive-3.2.1nb2 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8689
Package libarchive-3.2.1nb2 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8687
Package libarchive-3.2.1nb2 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8688
Package pcre-8.39 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6004
Package policykit-0.9nb20 has a integer-overflow vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4625
Package policykit-0.9nb20 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3218
Package policykit-0.9nb20 has a privilege-escalation vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3255
Package policykit-0.9nb20 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3256
Package zziplib-0.13.59 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5974
Package zziplib-0.13.59 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5975
Package zziplib-0.13.59 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5976
Package zziplib-0.13.59 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5977
Package zziplib-0.13.59 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5978
Package zziplib-0.13.59 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5979
Package zziplib-0.13.59 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5980
Package zziplib-0.13.59 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5981
Package tiff-4.0.7nb1 has a arbitrary-memory-access vulnerability, see
http://www.securityfocus.com/archive/1/537205
Package tiff-4.0.7nb1 has a multiple-vulnerabilities vulnerability, see
https://www.debian.org/security/2016/dsa-3467
Package tiff-4.0.7nb1 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547
Package tiff-4.0.7nb1 has a remote-code-execution vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8331
Package tiff-4.0.7nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5225
Package tiff-4.0.7nb1 has a out-of-bounds-write vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9453
Package tiff-4.0.7nb1 has a null-dereference vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9448
Package tiff-4.0.7nb1 has a out-of-bounds-read vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5563
Package tiff-4.0.7nb1 has a buffer-overflow vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10092
Package tiff-4.0.7nb1 has a buffer-overflow vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10093
Package tiff-4.0.7nb1 has a buffer-overflow vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10094
Package tiff-4.0.7nb1 has a buffer-overflow vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10095
Package libwebp-0.5.1 has a integer-overflow vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9085
Package ghostscript-gpl-9.06nb9 has a use-after-free vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6196
Package guile20-2.0.12nb2 has a arbitrary-code-execution vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8606
Package guile20-2.0.12nb2 has a insecure-file-permissions vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8605
Package cairo-1.14.8 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9082
Package gstreamer1-1.10.0 has a multiple-vulnerabilities vulnerability, see
https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
Package gstreamer1-1.10.0 has a multiple-vulnerabilities vulnerability, see
https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
Package qemu-2.7.0nb1 has a information-disclosure vulnerability, see
http://xenbits.xen.org/xsa/advisory-140.html
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8577
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8576
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8667
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8578
Package qemu-2.7.0nb1 has a out-of-bounds-read vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8668
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8909
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8669
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8910
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9106
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9105
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9104
Package qemu-2.7.0nb1 has a sensitive-information-disclosure vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9103
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9102
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9101
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7995
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7994
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7466
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7422
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7421
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7170
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7157
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7156
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7155
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6836
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9907
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9923
Package qemu-2.7.0nb1 has a information-disclosure vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9908
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9911
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9921
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9912
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9776
Package qemu-2.7.0nb1 has a information-leak vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9845
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9913
Package qemu-2.7.0nb1 has a information-leak vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9846
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9915
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9916
Package qemu-2.7.0nb1 has a denial-of-service vulnerability, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9914
Package firefox-47.0.1 has a multiple-vulnerabilities vulnerability, see
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48
Package firefox-47.0.1 has a multiple-vulnerabilities vulnerability, see
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox49
Package firefox-47.0.1 has a multiple-vulnerabilities vulnerability, see
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox50
Package firefox-47.0.1 has a multiple-vulnerabilities vulnerability, see
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox50.0.1
Package firefox-47.0.1 has a use-after-free vulnerability, see
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox50.0.2
Package firefox-47.0.1 has a multiple-vulnerabilities vulnerability, see
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/
Package firefox-47.0.1 has a multiple-vulnerabilities vulnerability, see
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/
