From 72837ee131d8d257541a0602107c08739d540048 Mon Sep 17 00:00:00 2001 From: Tom Ritter Date: Tue, 19 Dec 2023 11:41:20 -0500 Subject: [PATCH] Remove disclaimer for tbird, remove from titles, escape --- announce/2023/mfsa2023-54.yml | 16 ++++++++-------- announce/2023/mfsa2023-55.yml | 16 +++++++--------- announce/2023/mfsa2023-56.yml | 16 ++++++++-------- 3 files changed, 23 insertions(+), 25 deletions(-) diff --git a/announce/2023/mfsa2023-54.yml b/announce/2023/mfsa2023-54.yml index 1fa2790..c97e535 100644 --- a/announce/2023/mfsa2023-54.yml +++ b/announce/2023/mfsa2023-54.yml @@ -6,7 +6,7 @@ fixed_in: title: Security Vulnerabilities fixed in Firefox ESR 115.6 advisories: CVE-2023-6856: - title: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver + title: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver impact: high reporter: DoHyun Lee description: | @@ -14,7 +14,7 @@ advisories: bugs: - url: 1843782 CVE-2023-6865: - title: Potential exposure of uninitialized data in EncryptingOutputStream + title: Potential exposure of uninitialized data in EncryptingOutputStream impact: high reporter: Jan Varga description: | @@ -30,7 +30,7 @@ advisories: bugs: - url: 1796023 CVE-2023-6858: - title: Heap buffer overflow in nsTextFragment + title: Heap buffer overflow in nsTextFragment impact: moderate reporter: Irvan Kurniawan description: | @@ -46,7 +46,7 @@ advisories: bugs: - url: 1840144 CVE-2023-6860: - title: Potential sandbox escape due to VideoBridge lack of texture validation + title: Potential sandbox escape due to VideoBridge lack of texture validation impact: moderate reporter: Andrew Osmond description: | @@ -62,15 +62,15 @@ advisories: bugs: - url: 1863863 CVE-2023-6861: - title: 'Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode' + title: 'Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode' impact: moderate reporter: Yangkang of 360 ATA Team description: | - The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. + The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. bugs: - url: 1864118 CVE-2023-6862: - title: Use-after-free in nsDNSService + title: Use-after-free in nsDNSService impact: moderate reporter: Randell Jesup description: | @@ -78,7 +78,7 @@ advisories: bugs: - url: 1868042 CVE-2023-6863: - title: Undefined behavior in ShutdownObserver() + title: Undefined behavior in ShutdownObserver() impact: low reporter: Ronald Crane description: | diff --git a/announce/2023/mfsa2023-55.yml b/announce/2023/mfsa2023-55.yml index f8bc084..b2e369b 100644 --- a/announce/2023/mfsa2023-55.yml +++ b/announce/2023/mfsa2023-55.yml @@ -4,8 +4,6 @@ impact: high fixed_in: - Thunderbird 115.6 title: Security Vulnerabilities fixed in Thunderbird 115.6 -description: | - *In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.* advisories: CVE-2023-50762: title: Truncated signed text was shown with a valid OpenPGP signature @@ -24,7 +22,7 @@ advisories: bugs: - url: 1865647 CVE-2023-6856: - title: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver + title: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver impact: high reporter: DoHyun Lee description: | @@ -40,7 +38,7 @@ advisories: bugs: - url: 1796023 CVE-2023-6858: - title: Heap buffer overflow in nsTextFragment + title: Heap buffer overflow in nsTextFragment impact: moderate reporter: Irvan Kurniawan description: | @@ -56,7 +54,7 @@ advisories: bugs: - url: 1840144 CVE-2023-6860: - title: Potential sandbox escape due to VideoBridge lack of texture validation + title: Potential sandbox escape due to VideoBridge lack of texture validation impact: moderate reporter: Andrew Osmond description: | @@ -64,15 +62,15 @@ advisories: bugs: - url: 1854669 CVE-2023-6861: - title: 'Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode' + title: 'Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode' impact: moderate reporter: Yangkang of 360 ATA Team description: | - The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. + The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. bugs: - url: 1864118 CVE-2023-6862: - title: Use-after-free in nsDNSService + title: Use-after-free in nsDNSService impact: moderate reporter: Randell Jesup description: | @@ -80,7 +78,7 @@ advisories: bugs: - url: 1868042 CVE-2023-6863: - title: Undefined behavior in ShutdownObserver() + title: Undefined behavior in ShutdownObserver() impact: low reporter: Ronald Crane description: | diff --git a/announce/2023/mfsa2023-56.yml b/announce/2023/mfsa2023-56.yml index e378e9a..e173f2d 100644 --- a/announce/2023/mfsa2023-56.yml +++ b/announce/2023/mfsa2023-56.yml @@ -6,7 +6,7 @@ fixed_in: title: Security Vulnerabilities fixed in Firefox 121 advisories: CVE-2023-6856: - title: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver + title: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver impact: high reporter: DoHyun Lee description: | @@ -22,7 +22,7 @@ advisories: bugs: - url: 1853908 CVE-2023-6865: - title: Potential exposure of uninitialized data in EncryptingOutputStream + title: Potential exposure of uninitialized data in EncryptingOutputStream impact: high reporter: Jan Varga description: | @@ -38,7 +38,7 @@ advisories: bugs: - url: 1796023 CVE-2023-6858: - title: Heap buffer overflow in nsTextFragment + title: Heap buffer overflow in nsTextFragment impact: moderate reporter: Irvan Kurniawan description: | @@ -62,7 +62,7 @@ advisories: bugs: - url: 1849037 CVE-2023-6860: - title: Potential sandbox escape due to VideoBridge lack of texture validation + title: Potential sandbox escape due to VideoBridge lack of texture validation impact: moderate reporter: Andrew Osmond description: | @@ -78,11 +78,11 @@ advisories: bugs: - url: 1863863 CVE-2023-6861: - title: 'Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode' + title: 'Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode' impact: moderate reporter: Yangkang of 360 ATA Team description: | - The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. + The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. bugs: - url: 1864118 CVE-2023-6868: @@ -98,7 +98,7 @@ advisories: impact: low reporter: Oriol Brufau description: | - A element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. + A <dialog> element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. bugs: - url: 1799036 CVE-2023-6870: @@ -126,7 +126,7 @@ advisories: bugs: - url: 1849186 CVE-2023-6863: - title: Undefined behavior in ShutdownObserver() + title: Undefined behavior in ShutdownObserver() impact: low reporter: Ronald Crane description: |