Navigation:
Browse pkgsrc
(this page)
www firefox1..
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2025-02-04 20:19:27 by Benny Siegert | Files touched by this commit (4) |  |
Log message: firefox128: update to 128.7.0 (security) Security Vulnerabilities fixed in Firefox ESR 128.7 #CVE-2025-1009: Use-after-free in XSLT Impact: high An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. #CVE-2025-1010: Use-after-free in Custom Highlight Impact: high An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. #CVE-2025-1011: A bug in WebAssembly code generation could result in a crash Impact: moderate A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. #CVE-2025-1012: Use-after-free during concurrent delazification Impact: moderate A race during concurrent delazification could have led to a use-after-free. #CVE-2024-11704: Potential double-free vulnerability in PKCS#7 decryption handling Impact: low A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt() when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. #CVE-2025-1013: Potential opening of private browsing tabs in normal browsing windows Impact: low A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. #CVE-2025-1014: Certificate length was not properly checked Impact: low Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. #CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 Impact: high Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. #CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 Impact: moderate Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
| 2025-01-07 18:26:43 by Benny Siegert | Files touched by this commit (4) | |
Log message: firefox128, firefox128-l10n: update to 128.6.0 Security Vulnerabilities fixed in Firefox ESR 128.6 #CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack Impact: moderate The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. #CVE-2025-0238: Use-after-free when breaking lines in text Impact: moderate Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. #CVE-2025-0239: Alt-Svc ALPN validation failure when redirected Impact: moderate When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. #CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module Impact: moderate Parsing a JavaScript module as JSON could under some circumstances cause cross-compartment access, which may result in a use-after-free. #CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation Impact: moderate When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. #CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 Impact: high Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. #CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 Impact: moderate Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
| 2024-12-31 05:31:34 by Ryo ONODERA | Files touched by this commit (2) |
Log message: www/firefox128-l10n: Update to 128.5.2 * Sync with www/firefox128-128.5.2. |
| 2024-11-26 19:43:00 by Benny Siegert | Files touched by this commit (2) | |
Log message: firefox128-l10n: update to 128.5.0 This updates the translation for the latest Firefox ESR release. |
| 2024-10-03 03:50:04 by David H. Gutteridge | Files touched by this commit (2) | |
Log message: firefox128-l10n: update to 128.3.0 |
| 2024-09-18 23:25:13 by David H. Gutteridge | Files touched by this commit (2) | |
Log message: firefox128-l10n: update to 128.2.0 |
| 2024-08-18 17:04:42 by Leonardo Taccari | Files touched by this commit (5) |
Log message:
www: Import firefox128-l10n-128.1.0
This package contains language packs for www/firefox128.
Based on www/firefox{,115}-l10n and packaged by myself in pkgsrc-wip.
|
New packages: