Debian Firefox-Esr vulnerabilities

CVE-2023-4047 [HIGH] CVE-2023-4047: firefox - A bug in popup notifications delay calculation could have made it possible for a... A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Scope: local sid: resolved (fixed in 116.0-1)

CVE-2023-23605 [HIGH] CVE-2023-23605: firefox - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs pres... Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.

CVE-2023-6856 [HIGH] CVE-2023-6856: firefox - The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overfl... The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-6858 [HIGH] CVE-2023-6858: firefox - Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to ins... Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-29550 [HIGH] CVE-2023-29550: firefox - Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these b... Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Sco

CVE-2023-0767 [HIGH] CVE-2023-0767: firefox - An attacker could construct a PKCS 12 cert bundle in such a way that could allow... An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-25739 [HIGH] CVE-2023-25739: firefox - Module load requests that failed were not being checked as to whether or not the... Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-4055 [HIGH] CVE-2023-4055: firefox - When the number of cookies per domain was exceeded in `document.cookie`, the act... When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Scope: local sid: resolved (fixed in 116.0

CVE-2023-25732 [HIGH] CVE-2023-25732: firefox - When encoding data from an <code>inputStream</code> in <code>xpcom</code> the si... When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-25746 [HIGH] CVE-2023-25746: firefox-esr - Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evide... Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. Scope: local bookworm: resolved (fixed in 102.8.0esr-1) bullseye: resolved (fixed in

CVE-2023-29536 [HIGH] CVE-2023-29536: firefox - An attacker could cause the memory manager to incorrectly free a pointer that ad... An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Scope: local sid: resolved (

CVE-2023-25735 [HIGH] CVE-2023-25735: firefox - Cross-compartment wrappers wrapping a scripted proxy could have caused objects f... Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-37202 [HIGH] CVE-2023-37202: firefox - Cross-compartment wrappers wrapping a scripted proxy could have caused objects f... Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-25729 [HIGH] CVE-2023-25729: firefox - Permission prompts for opening external schemes were only shown for <code>Conten... Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbir

CVE-2023-4583 [HIGH] CVE-2023-4583: firefox - When checking if the Browsing Context had been discarded in `HttpBaseChannel`, i... When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local sid: resolved (

CVE-2023-32213 [HIGH] CVE-2023-32213: firefox - When reading a file, an uninitialized value could have been used as read limit. ... When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Scope: local sid: resolved (fixed in 113.0-1)

CVE-2023-6859 [HIGH] CVE-2023-6859: firefox - A use-after-free condition affected TLS socket creation when under memory pressu... A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-4048 [HIGH] CVE-2023-4048: firefox - An out-of-bounds read could have led to an exploitable crash when parsing HTML w... An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Scope: local sid: resolved (fixed in 116.0-1)

CVE-2023-28162 [HIGH] CVE-2023-28162: firefox - While implementing AudioWorklets, some code may have casted one type to another,... While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Scope: local sid: resolved (fixed in 111.0-1)

CVE-2023-29539 [HIGH] CVE-2023-29539: firefox - When handling the filename directive in the Content-Disposition header, the file... When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, an