Debian Firefox-Esr vulnerabilities

CVE-2023-6867 [MEDIUM] CVE-2023-6867: firefox - The timing of a button click causing a popup to disappear was approximately the ... The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. Scope: local sid: res

CVE-2023-5169 [MEDIUM] CVE-2023-5169: firefox - A compromised content process could have provided malicious data in a `PathRecor... A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Scope: local sid: resolved (fixed in 118.0-1)

CVE-2023-6204 [MEDIUM] CVE-2023-6204: firefox - On some systems—depending on the graphics settings and drivers—it was possible t... On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid: resolved (fixed in 120.0-1)

CVE-2023-1945 [MEDIUM] CVE-2023-1945: firefox-esr - Unexpected data returned from the Safe Browsing API could have led to memory cor... Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. Scope: local bookworm: resolved (fixed in 102.10.0esr-1) bullseye: resolved (fixed in 102.10.0esr-1~deb11u1) forky: resolved (fixed in 102.10.0esr-1) sid: resolved (

CVE-2023-6857 [MEDIUM] CVE-2023-6857: firefox - When resolving a symlink, a race may occur where the buffer passed to `readlink`... When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-6206 [MEDIUM] CVE-2023-6206: firefox - The black fade animation when exiting fullscreen is roughly the length of the an... The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid:

CVE-2023-4046 [MEDIUM] CVE-2023-4046: firefox - In some circumstances, a stale value could have been used for a global variable ... In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Scope: local sid: resolved (fixed in 116.0-1)

CVE-2023-23598 [MEDIUM] CVE-2023-23598: firefox - Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK tr... Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to `DataTransfer.setData`. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7. Scope: local sid: resolved (fixed in 109.0-1)

CVE-2023-37207 [MEDIUM] CVE-2023-37207: firefox - A website could have obscured the fullscreen notification by using a URL with a ... A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-4053 [MEDIUM] CVE-2023-4053: firefox - A website could have obscured the full screen notification by using a URL with a... A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local sid: resolved (fixed in 116.0-1)

CVE-2023-32205 [MEDIUM] CVE-2023-32205: firefox - In multiple cases browser prompts could have been obscured by popups controlled ... In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Scope: local sid: resolved (fixed in 113.0-1)

CVE-2023-4045 [MEDIUM] CVE-2023-4045: firefox - Offscreen Canvas did not properly track cross-origin tainting, which could have ... Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Scope: local sid: resolved (fixed in 116.0-1)

CVE-2023-4573 [MEDIUM] CVE-2023-4573: firefox - When receiving rendering data over IPC `mStream` could have been destroyed when ... When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Scope: local sid: resolved (fixed in 117.0-1)

CVE-2023-5388 [MEDIUM] CVE-2023-5388: firefox - NSS was susceptible to a timing side-channel attack when performing RSA decrypti... NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Scope: local sid: resolved (fixed in 124.0-1)

CVE-2023-23603 [MEDIUM] CVE-2023-23603: firefox - Regular expressions used to filter out forbidden properties and values from styl... Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7. Scope: local sid: resolved (fixed in 109.0-1)

CVE-2023-6205 [MEDIUM] CVE-2023-6205: firefox - It was possible to cause the use of a MessagePort after it had already been free... It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid: resolved (fixed in 120.0-1)

CVE-2023-23601 [MEDIUM] CVE-2023-23601: firefox - Navigations were being allowed when dragging a URL from a cross-origin iframe in... Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7. Scope: local sid: resolved (fixed in 109.0-1)

CVE-2023-5174 [CRITICAL] CVE-2023-5174: firefox - If Windows failed to duplicate a handle during process creation, the sandbox cod... If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affe

CVE-2023-28163 [MEDIUM] CVE-2023-28163: firefox - When downloading files through the Save As dialog on Windows with suggested file... When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102

CVE-2023-34414 [LOW] CVE-2023-34414: firefox - The error page for sites with invalid TLS certificates was missing the activatio... The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the s