document recent mozilla vulnerabilities

svn path=/head/; revision=290222
2012-02-01 09:46:07 +00:00 · 2012-02-01 09:46:07 +00:00 · 6274076f75 · 2021-03-31 03:12:20 +00:00
commit 6274076f75
parent ab048071e8
1 changed files with 79 additions and 0 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -47,6 +47,85 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="0a9e2b72-4cb7-11e1-9146-14dae9ebcf89">
+    <topic>mozilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>firefox</name>
+	<range><gt>4.0,1</gt><lt>10.0,1</lt></range>
+	<range><ge>3.6.*</ge><lt>3.6.26</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>10.0,1</lt></range>
+      </package>
+      <package>
+	<name>linux-seamonkey</name>
+	<range><lt>2.7</lt></range>
+      </package>
+      <package>
+	<name>linux-thunderbird</name>
+	<range><lt>10.0</lt></range>
+      </package>
+      <package>
+	<name>seamonkey</name>
+	<range><lt>2.7</lt></range>
+      </package>
+      <package>
+	<name>thunderbird</name>
+	<range><gt>4.0</gt><lt>10.0</lt></range>
+	<range><gt>3.1.*</gt><lt>3.1.18</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Mozilla Project reports:</p>
+	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
+	  <p>MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/
+	    rv:1.9.2.26)</p>
+	  <p>MFSA 2012-02 Overly permissive IPv6 literal syntax</p>
+	  <p>MFSA 2012-03 iframe element exposed across domains via name
+	    attribute</p>
+	  <p>MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after
+	    removal of nodes</p>
+	  <p>MFSA 2012-05 Frame scripts calling into untrusted objects bypass
+	    security checks</p>
+	  <p>MFSA 2012-06 Uninitialized memory appended when encoding icon
+	    images may cause information disclosure</p>
+	  <p>MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis
+	    files</p>
+	  <p>MFSA 2012-08 Crash with malformed embedded XSLT stylesheets</p>
+	  <p>MFSA 2012-09 Firefox Recovery Key.html is saved with unsafe
+	    permission</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+	<cvename>CVE-2012-0442</cvename>
+	<cvename>CVE-2012-0443</cvename>
+	<cvename>CVE-2011-3670</cvename>
+	<cvename>CVE-2012-0445</cvename>
+	<cvename>CVE-2011-3659</cvename>
+	<cvename>CVE-2012-0446</cvename>
+	<cvename>CVE-2012-0447</cvename>
+	<cvename>CVE-2012-0449</cvename>
+	<cvename>CVE-2012-0450</cvename>
+	<url>http://www.mozilla.org/security/announce/2012/mfsa2012-01.html</url>
+	<url>http://www.mozilla.org/security/announce/2012/mfsa2012-02.html</url>
+	<url>http://www.mozilla.org/security/announce/2012/mfsa2012-03.html</url>
+	<url>http://www.mozilla.org/security/announce/2012/mfsa2012-04.html</url>
+	<url>http://www.mozilla.org/security/announce/2012/mfsa2012-05.html</url>
+	<url>http://www.mozilla.org/security/announce/2012/mfsa2012-06.html</url>
+	<url>http://www.mozilla.org/security/announce/2012/mfsa2012-07.html</url>
+	<url>http://www.mozilla.org/security/announce/2012/mfsa2012-08.html</url>
+	<url>http://www.mozilla.org/security/announce/2012/mfsa2012-09.html</url>
+    </references>
+    <dates>
+      <discovery>2012-01-31</discovery>
+      <entry>2012-02-01</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="7c920bb7-4b5f-11e1-9f47-00e0815b8da8">
    <topic>sudo -- format string vulnerability</topic>
    <affects>