Debian Firefox-Esr vulnerabilities

CVE-2023-29531 [CRITICAL] CVE-2023-29531: firefox - An attacker could have caused an out of bounds memory access using WebGL APIs, l... An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. Scope: local sid: resolved

CVE-2023-5726 [MEDIUM] CVE-2023-5726: firefox - A website could have obscured the full screen notification by using the file ope... A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local sid: res

CVE-2023-4054 [MEDIUM] CVE-2023-4054: firefox - When opening appref-ms files, Firefox did not warn the user that these files may... When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. Scope: local sid: resolved

CVE-2023-4863 [HIGH] CVE-2023-4863: chromium - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and lib... Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) Scope: local bookworm: resolved (fixed in 117.0.5938.62-1) bullseye: resolved (fixed in 117.0.5938.62-1) forky: resolved (fixed in 117.0.5938.62-1)

CVE-2023-5727 [MEDIUM] CVE-2023-5727: firefox - The executable file warning was not presented when downloading .msix, .msixbundl... The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local sid: re

CVE-2023-25738 [MEDIUM] CVE-2023-25738: firefox - Members of the <code>DEVMODEW</code> struct set by the printer device driver wer... Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.

CVE-2023-29532 [MEDIUM] CVE-2023-29532: firefox - A local attacker can trick the Mozilla Maintenance Service into applying an unsi... A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system acces

CVE-2023-23599 [MEDIUM] CVE-2023-23599: firefox - When copying a network request from the developer tools panel as a curl command ... When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7. Scope: local sid: resolved

CVE-2023-5168 [CRITICAL] CVE-2023-5168: firefox - A compromised content process could have provided malicious data to `FilterNodeD... A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Scop

CVE-2023-32214 [HIGH] CVE-2023-32214: firefox - Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigge... Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Scope: local sid: resolved

CVE-2023-29542 [CRITICAL] CVE-2023-29542: firefox - A newline in a filename could have been used to bypass the file extension securi... A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability af

CVE-2023-25734 [HIGH] CVE-2023-25734: firefox - After downloading a Windows <code>.url</code> shortcut from the local filesystem... After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firef

CVE-2023-25743 [HIGH] CVE-2023-25743: firefox - A lack of in app notification for entering fullscreen mode could have lead to a ... A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Scope: local sid: resolved

CVE-2023-4052 [MEDIUM] CVE-2023-4052: firefox - The Firefox updater created a directory writable by non-privileged users. When u... The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This

CVE-2023-29545 [MEDIUM] CVE-2023-29545: firefox - Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested fil... Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.1

CVE-2023-4582 [HIGH] CVE-2023-4582: firefox - Due to large allocation checks in Angle for glsl shaders being too lenient a buf... Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local sid: resolved

CVE-2023-4576 [HIGH] CVE-2023-4576: firefox - On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` w... On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thund

CVE-2022-26384 [CRITICAL] CVE-2022-26384: firefox - If an attacker could control the contents of an iframe sandboxed with <code>allo... If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Scope: local sid: resolved (fixed in 98.0-1)

CVE-2022-26486 [CRITICAL] CVE-2022-26486: firefox - An unexpected message in the WebGPU IPC framework could lead to a use-after-free... An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-31736 [CRITICAL] CVE-2022-31736: firefox - A malicious website could have learned the size of a cross-origin resource that ... A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope: local sid: resolved (fixed in 101.0-1)