Navigation:
Browse pkgsrc
(this page)
www firefox1..
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2024-11-26 19:41:50 by Benny Siegert | Files touched by this commit (3) |  |
Log message: firefox128: update to 128.5.0 Security Vulnerabilities fixed in Firefox ESR 128.5 #CVE-2024-11691: Memory corruption in Apple GPU drivers Impact: high An attacker could have caused memory corruption due to a flaw in Apple's GPU driver; this can be avoided by working around the flaw. Note: This issue only affected macOS operating systems. Other operating systems are unaffected. #CVE-2024-11692: Select list elements could be shown over another site Impact: moderate An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. #CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows Impact: moderate The executable file warning was not presented when downloading .library-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. #CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims Impact: moderate Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. #CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters Impact: moderate A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. #CVE-2024-11696: Unhandled Exception in Add-on Signature Verification Impact: moderate The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. #CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation Dialog Impact: low When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This \ could have led to malicious code execution. #CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS Impact: low A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. This bug only affects the application when running on macOS. Other operating systems are unaffected. #CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5 Impact: high Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
| 2024-11-17 08:17:06 by Thomas Klausner | Files touched by this commit (944) |
Log message: *: recursive bump for default-on option of at-spi2-core |
| 2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2429) |
Log message: *: recursive bump for icu 76 shlib major version bump |
| 2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2426) |
Log message: *: revbump for icu downgrade |
| 2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2427) |
Log message: *: recursive bump for icu 76.1 shlib bump |
| 2024-10-30 17:29:43 by David H. Gutteridge | Files touched by this commit (2) | |
Log message: firefox128: update to 128.4.0 Fixes for Mozilla Foundation Security Advisory 2024-56 CVE-2024-10458: Permission leak via embed or object elements CVE-2024-10459: Use-after-free in layout with accessibility CVE-2024-10460: Confusing display of origin for external protocol handler prompt CVE-2024-10461: XSS due to Content-Disposition being ignored in \ multipart/x-mixed-replace response CVE-2024-10462: Origin of permission prompt could be spoofed by long URL CVE-2024-10463: Cross origin video frame leak CVE-2024-10464: History interface could have been used to cause a Denial of \ Service condition in the browser CVE-2024-10465: Clipboard "paste" button persisted across tabs CVE-2024-10466: DOM push subscription message could hang Firefox CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, \ Firefox ESR 128.4, and Thunderbird 128.4 |
| 2024-10-10 15:55:41 by David H. Gutteridge | Files touched by this commit (2) | |
Log message: firefox128: update to 128.3.1 * Fixes for mfsa2024-51, also known as CVE-2024-9680. |
| 2024-10-03 03:48:53 by David H. Gutteridge | Files touched by this commit (2) | |
Log message: firefox128: update to 128.3.0 * Fixes for mfsa2024-47, also known as: CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-8900, CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400, CVE-2024-9401, CVE-2024-9402 |
New packages: