Bugzilla Automation <bugzi...@freebsd.org> has asked freebsd-gecko (Nobody) <ge...@freebsd.org> for maintainer-feedback: Bug 261410: www/firefox: unfixed security vulnerabilities https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261410
--- Description --- The current port version 95.0.2 has several security vulnerabilities which are fixed in firefox 96: <https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/> The following are classified as high impact: * CVE-2022-22746 * CVE-2022-22743 * CVE-2022-22741 * CVE-2022-22740 * CVE-2022-22738 * CVE-2022-22737 * CVE-2021-4140 * CVE-2022-22751 There are also no entries in security/vuxml. Is anyone working on the upgrade to 96.0.2? Unfortunately, the update is not trivial. Some larger patches no longer apply.
