Debian Firefox-Esr vulnerabilities

CVE-2023-25737 [HIGH] CVE-2023-25737: firefox - An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> coul... An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-37208 [HIGH] CVE-2023-37208: firefox - When opening Diagcab files, Firefox did not warn the user that these files may c... When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-5724 [HIGH] CVE-2023-5724: firefox - Drivers are not always robust to extremely large draw calls and in some cases th... Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local sid: resolved (fixed in 119.0-1)

CVE-2023-5728 [HIGH] CVE-2023-5728: firefox - During garbage collection extra operations were performed on a object that shoul... During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local sid: resolved (fixed in 119.0-1)

CVE-2023-6208 [HIGH] CVE-2023-6208: firefox - When using X11, text selected by the page using the Selection API was erroneousl... When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid: resolved (fixed in 120.0-1)

CVE-2023-4051 [HIGH] CVE-2023-4051: firefox - A website could have obscured the full screen notification by using the file ope... A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local sid: resolved (fixed in 116.0-1)

CVE-2023-6863 [HIGH] CVE-2023-6863: firefox - The `ShutdownObserver()` was susceptible to potentially undefined behavior due t... The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-6864 [HIGH] CVE-2023-6864: firefox - Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 11... Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local sid: resolved (fixed in 12

CVE-2023-4584 [HIGH] CVE-2023-4584: firefox - Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1... Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Th

CVE-2023-6862 [HIGH] CVE-2023-6862: firefox-esr - A use-after-free was identified in the `nsDNSService::Init`. This issue appears... A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6. Scope: local bookworm: resolved (fixed in 115.6.0esr-1~deb12u1) bullseye: resolved (fixed in 115.6.0esr-1~deb11u1) forky: resolved (fixed in 115.6.0esr-1) sid: resolved (fixed in

CVE-2023-4585 [HIGH] CVE-2023-4585: firefox - Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 11... Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local sid: resolved (fixed in 11

CVE-2023-37201 [HIGH] CVE-2023-37201: firefox - An attacker could have triggered a use-after-free condition when creating a WebR... An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-5721 [MEDIUM] CVE-2023-5721: firefox - It was possible for certain browser prompts and dialogs to be activated or dismi... It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local sid: resolved (fixed in 119.0-1)

CVE-2023-5171 [MEDIUM] CVE-2023-5171: firefox - During Ion compilation, a Garbage Collection could have resulted in a use-after-... During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Scope: local sid: resolved (fixed in 118.0-1)

CVE-2023-25751 [MEDIUM] CVE-2023-25751: firefox - Sometimes, when invalidating JIT code while following an iterator, the newly gen... Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Scope: local sid: resolved (fixed in 111.0-1)

CVE-2023-4580 [MEDIUM] CVE-2023-4580: firefox - Push notifications stored on disk in private browsing mode were not being encryp... Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local sid: resolved (fixed in 117.0-1)

CVE-2023-29535 [MEDIUM] CVE-2023-29535: firefox - Following a Garbage Collector compaction, weak maps may have been accessed befor... Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Scope: local sid: resolved (fixed in 112.0

CVE-2023-1999 [MEDIUM] CVE-2023-1999: firefox - There exists a use after free/double free in libwebp. An attacker can use the Ap... There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Scope: local s

CVE-2023-25730 [MEDIUM] CVE-2023-25730: firefox - A background script invoking <code>requestFullscreen</code> and then blocking th... A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-6209 [MEDIUM] CVE-2023-6209: firefox - Relative URLs starting with three slashes were incorrectly parsed, and a path-tr... Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid: resolved (fixed in 120.0-1)