Debian Firefox-Esr vulnerabilities

CVE-2024-5693 [MEDIUM] CVE-2024-5693: firefox - Offscreen Canvas did not properly track cross-origin tainting, which could be us... Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Scope: local sid: resolved (fixed in 127.0-1)

CVE-2024-7526 [MEDIUM] CVE-2024-7526: firefox - ANGLE failed to initialize parameters which lead to reading from uninitialized m... ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Scope: local sid: resolved (fixed in 129.0-1)

CVE-2024-1548 [MEDIUM] CVE-2024-1548: firefox - A website could have obscured the fullscreen notification by using a dropdown se... A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Scope: local sid: resolved (fixed in 123.0-1)

CVE-2024-0742 [MEDIUM] CVE-2024-0742: firefox - It was possible for certain browser prompts and dialogs to be activated or dismi... It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Scope: local sid: resolved (fixed in 122.0-1)

CVE-2024-6601 [MEDIUM] CVE-2024-6601: firefox - A race condition could lead to a cross-origin container obtaining permissions of... A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Scope: local sid: resolved (fixed in 128.0-1)

CVE-2024-7531 [MEDIUM] CVE-2024-7531: firefox - Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input... Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite t

CVE-2024-10461 [MEDIUM] CVE-2024-10461: firefox - In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the... In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. Scope: local sid: resolved (fixed in 132.0-1)

CVE-2024-11692 [MEDIUM] CVE-2024-11692: firefox - An attacker could cause a select dropdown to be shown over another tab; this cou... An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Scope: local sid: resolved (fixed in 133.0-1)

CVE-2024-2610 [MEDIUM] CVE-2024-2610: firefox - Using a markup injection an attacker could have stolen nonce values. This could ... Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Scope: local sid: resolved (fixed in 124.0-1)

CVE-2024-3861 [MEDIUM] CVE-2024-3861: firefox - If an AlignedBuffer were assigned to itself, the subsequent self-move could resu... If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Scope: local sid: resolved (fixed in 125.0.1-1)

CVE-2024-7529 [MEDIUM] CVE-2024-7529: firefox - The date picker could partially obscure security prompts. This could be used by ... The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Scope: local sid: resolved (fixed in 129.0-1)

CVE-2024-11696 [MEDIUM] CVE-2024-11696: firefox - The application failed to account for exceptions thrown by the `loadManifestFrom... The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have

CVE-2024-11695 [MEDIUM] CVE-2024-11695: firefox - A crafted URL containing Arabic script and whitespace characters could have hidd... A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Scope: local sid: resolved (fixed in 133.0-1)

CVE-2024-7524 [MEDIUM] CVE-2024-7524: firefox - Firefox adds web-compatibility shims in place of some tracking scripts blocked b... Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerabili

CVE-2024-4767 [MEDIUM] CVE-2024-4767: firefox - If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB file... If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Scope: local sid: resolved (fixed in 126.0-1)

CVE-2024-1547 [MEDIUM] CVE-2024-1547: firefox - Through a series of API calls and redirects, an attacker-controlled alert dialog... Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Scope: local sid: resolved (fixed in 123.0-1)

CVE-2024-10463 [MEDIUM] CVE-2024-10463: firefox - Video frames could have been leaked between origins in some situations. This vul... Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. Scope: local sid: resolved (fixed in 132.0-1)

CVE-2024-1549 [MEDIUM] CVE-2024-1549: firefox - If a website set a large custom cursor, portions of the cursor could have overla... If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Scope: local sid: resolved (fixed in 123.0-1)

CVE-2024-1550 [MEDIUM] CVE-2024-1550: firefox - A malicious website could have used a combination of exiting fullscreen mode and... A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Scope: loc

CVE-2024-1551 [MEDIUM] CVE-2024-1551: firefox - Set-Cookie response headers were being incorrectly honored in multipart HTTP res... Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <