Debian Firefox-Esr vulnerabilities

CVE-2024-11693 [CRITICAL] CVE-2024-11693: firefox - The executable file warning was not presented when downloading .library-ms files... The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Scope: local sid: resolved

CVE-2024-11698 [CRITICAL] CVE-2024-11698: firefox - A flaw in handling fullscreen transitions may have inadvertently caused the appl... A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the brow

CVE-2024-2616 [LOW] CVE-2024-2616: firefox-esr - To harden ICU against exploitation, the behavior for out-of-memory conditions wa... To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. Scope: local bookworm: resolved (fixed in 115.9.0esr-1~deb12u1) bullseye: resolved (fixed in 115.9.0esr-1~deb11u1) forky: resolved (fixed in 115.9.0esr-1) sid: reso

CVE-2024-3302 [LOW] CVE-2024-3302: firefox - There was no limit to the number of HTTP/2 CONTINUATION frames that would be pro... There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Scope: local sid: resolved (fixed in 125.0.1-1)

CVE-2023-5730 [CRITICAL] CVE-2023-5730: firefox - Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 11... Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local sid: resolved (fixed

CVE-2023-4056 [CRITICAL] CVE-2023-4056: firefox - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13... Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 1

CVE-2023-4057 [CRITICAL] CVE-2023-4057: firefox - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 11... Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. Scope: local sid: resolved (fixed i

CVE-2023-34416 [CRITICAL] CVE-2023-34416: firefox - Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 1... Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. Scope: local sid: resolved (f

CVE-2023-5176 [CRITICAL] CVE-2023-5176: firefox - Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 11... Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Scope: local sid: resolved (fixed i

CVE-2023-25744 [HIGH] CVE-2023-25744: firefox - Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these ... Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-6207 [HIGH] CVE-2023-6207: firefox - Ownership mismanagement led to a use-after-free in ReadableByteStreams This vuln... Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid: resolved (fixed in 120.0-1)

CVE-2023-6861 [HIGH] CVE-2023-6861: firefox - The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflo... The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-32215 [HIGH] CVE-2023-32215: firefox - Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily M... Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to r

CVE-2023-32207 [HIGH] CVE-2023-32207: firefox - A missing delay in popup notifications could have made it possible for an attack... A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Scope: local sid: resolved (fixed in 113.0-1)

CVE-2023-5217 [HIGH] CVE-2023-5217: chromium - Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5... Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 117.0.5938.132-1~deb12u1) bullseye: resolved (fixed in 117.0.5938.132-1~deb11u1) forky: resolved

CVE-2023-29541 [HIGH] CVE-2023-29541: firefox - Firefox did not properly handle downloads of files ending in <code>.desktop</cod... Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Andro

CVE-2023-6212 [HIGH] CVE-2023-6212: firefox - Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 11... Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid: resolved (fixed in

CVE-2023-28176 [HIGH] CVE-2023-28176: firefox - Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these b... Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Scope: local sid: resolved (fixed in 111.0-1)

CVE-2023-37211 [HIGH] CVE-2023-37211: firefox - Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 1... Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Scope: local sid: resolved (fixed

CVE-2023-4050 [HIGH] CVE-2023-4050: firefox - In some cases, an untrusted input stream was copied to a stack buffer without ch... In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Scope: local sid: resolved (fixed in 116.0-1)