Document recent Firefox vulnerabilities

svn path=/head/; revision=410651
2016-03-08 19:45:11 +00:00 · 2016-03-08 19:45:11 +00:00 · 666352f240 · 2021-03-31 03:12:20 +00:00
commit 666352f240
parent 93d6aeafe4
1 changed files with 293 additions and 5 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -58,6 +58,292 @@ Notes:
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="2225c5b4-1e5a-44fc-9920-b3201c384a15">
+    <topic>mozilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>firefox</name>
+	<name>linux-firefox</name>
+	<range><lt>45.0,1</lt></range>
+      </package>
+      <package>
+	<name>seamonkey</name>
+	<name>linux-seamonkey</name>
+	<range><lt>2.42</lt></range>
+      </package>
+      <package>
+	<name>firefox-esr</name>
+	<range><lt>38.7.0,1</lt></range>
+      </package>
+      <package>
+	<name>libxul</name>
+	<name>thunderbird</name>
+	<name>linux-thunderbird</name>
+	<range><lt>38.7.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45">
+	  <p>MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0
+	    / rv:38.7)</p>
+	  <p>MFSA 2016-17 Local file overwriting and potential
+	    privilege escalation through CSP reports</p>
+	  <p>MFSA 2016-18 CSP reports fail to strip location
+	    information for embedded iframe pages</p>
+	  <p>MFSA 2016-19 Linux video memory DOS with Intel
+	    drivers</p>
+	  <p>MFSA 2016-20 Memory leak in libstagefright when deleting
+	    an array during MP4 processing</p>
+	  <p>MFSA 2016-21 Displayed page address can be overridden</p>
+	  <p>MFSA 2016-22 Service Worker Manager out-of-bounds read in
+	    Service Worker Manager</p>
+	  <p>MFSA 2016-23 Use-after-free in HTML5 string parser</p>
+	  <p>MFSA 2016-24 Use-after-free in SetBody</p>
+	  <p>MFSA 2016-25 Use-after-free when using multiple WebRTC
+	    data channels</p>
+	  <p>MFSA 2016-26 Memory corruption when modifying a file
+	    being read by FileReader</p>
+	  <p>MFSA 2016-27 Use-after-free during XML
+	    transformations</p>
+	  <p>MFSA 2016-28 Addressbar spoofing though history
+	    navigation and Location protocol property</p>
+	  <p>MFSA 2016-29 Same-origin policy violation using
+	    perfomance.getEntries and history navigation with session
+	    restore</p>
+	  <p>MFSA 2016-30 Buffer overflow in Brotli decompression</p>
+	  <p>MFSA 2016-31 Memory corruption with malicious NPAPI
+	    plugin</p>
+	  <p>MFSA 2016-32 WebRTC and LibVPX vulnerabilities found
+	    through code inspection</p>
+	  <p>MFSA 2016-33 Use-after-free in GetStaticInstance in
+	    WebRTC</p>
+	  <p>MFSA 2016-34 Out-of-bounds read in HTML parser following
+	    a failed allocation</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1952</cvename>
+      <cvename>CVE-2016-1953</cvename>
+      <cvename>CVE-2016-1954</cvename>
+      <cvename>CVE-2016-1955</cvename>
+      <cvename>CVE-2016-1956</cvename>
+      <cvename>CVE-2016-1957</cvename>
+      <cvename>CVE-2016-1958</cvename>
+      <cvename>CVE-2016-1959</cvename>
+      <cvename>CVE-2016-1960</cvename>
+      <cvename>CVE-2016-1961</cvename>
+      <cvename>CVE-2016-1962</cvename>
+      <cvename>CVE-2016-1963</cvename>
+      <cvename>CVE-2016-1964</cvename>
+      <cvename>CVE-2016-1965</cvename>
+      <cvename>CVE-2016-1966</cvename>
+      <cvename>CVE-2016-1967</cvename>
+      <cvename>CVE-2016-1968</cvename>
+      <cvename>CVE-2016-1970</cvename>
+      <cvename>CVE-2016-1971</cvename>
+      <cvename>CVE-2016-1972</cvename>
+      <cvename>CVE-2016-1973</cvename>
+      <cvename>CVE-2016-1974</cvename>
+      <cvename>CVE-2016-1975</cvename>
+      <cvename>CVE-2016-1976</cvename>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-16/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-17/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-18/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-19/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-20/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-21/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-22/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-23/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-24/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-25/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-26/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-27/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-28/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-29/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-30/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-31/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-32/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-33/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-34/</url>
+    </references>
+    <dates>
+      <discovery>2016-03-08</discovery>
+      <entry>2016-03-08</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="adffe823-e692-4921-ae9c-0b825c218372">
+    <topic>graphite2 -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>graphite2</name>
+	<range><lt>1.3.6</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>45.0,1</lt></range>
+      </package>
+      <package>
+	<name>linux-thunderbird</name>
+	<range><lt>38.7.0</lt></range>
+      </package>
+      <package>
+	<name>linux-seamonkey</name>
+	<range><lt>2.42</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/">
+	  <p>Security researcher Holger Fuhrmannek and Mozilla
+	    security engineer Tyson Smith reported a number of security
+	    vulnerabilities in the Graphite 2 library affecting version
+	    1.3.5.
+
+	    The issue reported by Holger Fuhrmannek is a mechanism to
+	    induce stack corruption with a malicious graphite font. This
+	    leads to a potentially exploitable crash when the font is
+	    loaded.
+
+	    Tyson Smith used the Address Sanitizer tool in concert with
+	    a custom software fuzzer to find a series of uninitialized
+	    memory, out-of-bounds read, and out-of-bounds write errors
+	    when working with fuzzed graphite fonts.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-37/</url>
+      <cvename>CVE-2016-1977</cvename>
+      <cvename>CVE-2016-2790</cvename>
+      <cvename>CVE-2016-2791</cvename>
+      <cvename>CVE-2016-2792</cvename>
+      <cvename>CVE-2016-2793</cvename>
+      <cvename>CVE-2016-2794</cvename>
+      <cvename>CVE-2016-2795</cvename>
+      <cvename>CVE-2016-2796</cvename>
+      <cvename>CVE-2016-2797</cvename>
+      <cvename>CVE-2016-2798</cvename>
+      <cvename>CVE-2016-2799</cvename>
+      <cvename>CVE-2016-2800</cvename>
+      <cvename>CVE-2016-2801</cvename>
+      <cvename>CVE-2016-2802</cvename>
+    </references>
+    <dates>
+      <discovery>2016-03-08</discovery>
+      <entry>2016-03-08</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="c4292768-5273-4f17-a267-c5fe35125ce4">
+    <topic>NSS -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>nss</name>
+	<name>linux-c6-nss</name>
+	<range><ge>3.20</ge><lt>3.21.1</lt></range>
+	<range><lt>3.19.2.3</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>45.0,1</lt></range>
+      </package>
+      <package>
+	<name>linux-thunderbird</name>
+	<range><lt>38.7.0</lt></range>
+      </package>
+      <package>
+	<name>linux-seamonkey</name>
+	<range><lt>2.42</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/">
+	  <p>Security researcher Francis Gabriel reported a heap-based
+	    buffer overflow in the way the Network Security Services
+	    (NSS) libraries parsed certain ASN.1 structures. An attacker
+	    could create a specially-crafted certificate which, when
+	    parsed by NSS, would cause it to crash or execute arbitrary
+	    code with the permissions of the user.</p>
+	</blockquote>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/">
+	  <p>Mozilla developer Tim Taubert used the Address Sanitizer
+	    tool and software fuzzing to discover a use-after-free
+	    vulnerability while processing DER encoded keys in the
+	    Network Security Services (NSS) libraries. The vulnerability
+	    overwrites the freed memory with zeroes.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1950</cvename>
+      <cvename>CVE-2016-1979</cvename>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-35/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-36/</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/b9a31471759d</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/7033b1193c94</url>
+    </references>
+    <dates>
+      <discovery>2016-03-08</discovery>
+      <entry>2016-03-08</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="75091516-6f4b-4059-9884-6727023dc366">
+    <topic>NSS -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>nss</name>
+	<name>linux-c6-nss</name>
+	<range><lt>3.21</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>44.0,1</lt></range>
+      </package>
+      <package>
+	<name>linux-seamonkey</name>
+	<range><lt>2.41</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/">
+	  <p>Security researcher Hanno Böck reported that calculations
+	    with mp_div and mp_exptmod in Network Security Services
+	    (NSS) can produce wrong results in some circumstances. These
+	    functions are used within NSS for a variety of cryptographic
+	    division functions, leading to potential cryptographic
+	    weaknesses.</p>
+	</blockquote>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/">
+	  <p>Mozilla developer Eric Rescorla reported that a failed
+	    allocation during DHE and ECDHE handshakes would lead to a
+	    use-after-free vulnerability.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1938</cvename>
+      <cvename>CVE-2016-1978</cvename>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-07/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-15/</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/a245a4ccd354</url>
+    </references>
+    <dates>
+      <discovery>2016-01-26</discovery>
+      <entry>2016-03-08</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="f9e6c0d1-e4cc-11e5-b2bd-002590263bf5">
    <topic>django -- multiple vulnerabilies</topic>
    <affects>
@ -1903,6 +2189,10 @@ Notes:
 	<name>silgraphite</name>
 	<range><lt>2.3.1_4</lt></range>
      </package>
+      <package>
+	<name>linux-thunderbird</name>
+	<range><lt>38.6.0</lt></range>
+      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
@ -1926,6 +2216,7 @@ Notes:
    <references>
      <url>http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html</url>
      <url>http://www.talosintel.com/reports/TALOS-2016-0061/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-14/</url>
      <cvename>CVE-2016-1521</cvename>
      <cvename>CVE-2016-1522</cvename>
      <cvename>CVE-2016-1523</cvename>
@ -1934,7 +2225,7 @@ Notes:
    <dates>
      <discovery>2016-02-05</discovery>
      <entry>2016-02-09</entry>
-      <modified>2016-03-02</modified>
+      <modified>2016-03-08</modified>
    </dates>
  </vuln>

@ -2533,8 +2824,6 @@ Notes:
 	    set in cookie names</p>
 	  <p>MFSA 2016-06 Missing delay following user click events in
 	    protocol handler dialog</p>
-	  <p>MFSA 2016-07 Errors in mp_div and mp_exptmod
-	    cryptographic functions in NSS</p>
 	  <p>MFSA 2016-09 Addressbar spoofing attacks</p>
 	  <p>MFSA 2016-10 Unsafe memory manipulation found through
 	    code inspection</p>
@ -2550,7 +2839,6 @@ Notes:
      <cvename>CVE-2016-1933</cvename>
      <cvename>CVE-2016-1935</cvename>
      <cvename>CVE-2016-1937</cvename>
-      <cvename>CVE-2016-1938</cvename>
      <cvename>CVE-2016-1939</cvename>
      <cvename>CVE-2016-1942</cvename>
      <cvename>CVE-2016-1943</cvename>
@ -2563,7 +2851,6 @@ Notes:
      <url>https://www.mozilla.org/security/advisories/mfsa2016-03/</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2016-04/</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2016-06/</url>
-      <url>https://www.mozilla.org/security/advisories/mfsa2016-07/</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2016-09/</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2016-10/</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2016-11/</url>
@ -2571,6 +2858,7 @@ Notes:
    <dates>
      <discovery>2016-01-26</discovery>
      <entry>2016-02-01</entry>
+      <modified>2016-03-08</modified>
    </dates>
  </vuln>