Debian Firefox-Esr vulnerabilities

CVE-2022-46874 [HIGH] CVE-2022-46874: firefox - A file with a long filename could have had its filename truncated to remove the ... A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting i

CVE-2022-22751 [HIGH] CVE-2022-22751: firefox - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratz... Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary

CVE-2022-46881 [HIGH] CVE-2022-46881: firefox - An optimization in WebGL was incorrect in some cases, and could have led to memo... An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Th

CVE-2022-26485 [HIGH] CVE-2022-26485: firefox - Removing an XSLT parameter during processing could have lead to an exploitable u... Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-2200 [HIGH] CVE-2022-2200: firefox - If an object prototype was corrupted by an attacker, they would have been able t... If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Scope: local sid: resolved (fixed in 102.0-1)

CVE-2022-22737 [HIGH] CVE-2022-22737: firefox - Constructing audio sinks could have lead to a race condition when playing audio ... Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local sid: resolved (fixed in 96.0-1)

CVE-2022-22756 [HIGH] CVE-2022-22756: firefox - If a user was convinced to drag and drop an image to their desktop or other fold... If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Scope: local sid: resolved (fixed in 97.0-1)

CVE-2022-31740 [HIGH] CVE-2022-31740: firefox - On arm64, WASM code could have resulted in incorrect assembly generation leading... On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope: local sid: resolved (fixed in 101.0-1)

CVE-2022-1097 [MEDIUM] CVE-2022-1097: firefox - <code>NSSToken</code> objects were referenced via direct points, and could have ... NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-28285 [MEDIUM] CVE-2022-28285: firefox - When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, a... When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-40957 [MEDIUM] CVE-2022-40957: firefox - Inconsistent data in instruction and data cache when creating wasm code could le... Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local sid: resolved (fixed in 105.0-1)

CVE-2022-22742 [MEDIUM] CVE-2022-22742: firefox - When inserting text while in edit mode, some characters might have lead to out-o... When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local sid: resolved (fixed in 96.0-1)

CVE-2022-45411 [MEDIUM] CVE-2022-45411: firefox - Cross-Site Tracing occurs when a server will echo a request back via the Trace m... Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequest; however some webservers have implemented non-standard headers

CVE-2022-22745 [MEDIUM] CVE-2022-22745: firefox - Securitypolicyviolation events could have leaked cross-origin information for fr... Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local sid: resolved (fixed in 96.0-1)

CVE-2022-34479 [MEDIUM] CVE-2022-34479: firefox - A malicious website that could create a popup could have resized the popup to ov... A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbi

CVE-2022-31744 [MEDIUM] CVE-2022-31744: firefox - An attacker could have injected CSS into stylesheets accessible via internal URI... An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101. Scope: local sid: resolved (fixed in 101.0-1)

CVE-2022-45410 [MEDIUM] CVE-2022-45410: firefox - When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the ori... When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resol

CVE-2022-45405 [MEDIUM] CVE-2022-45405: firefox - Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creat... Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed in 107.0-1)

CVE-2022-26386 [MEDIUM] CVE-2022-26386: firefox-esr - Previously Firefox for macOS and Linux would download temporary files to a user-... Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. *This bug only affects Firefox for macOS and Linux. Other operating systems are

CVE-2022-22748 [MEDIUM] CVE-2022-22748: firefox - Malicious websites could have confused Firefox into showing the wrong origin whe... Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local sid: resolved (fixed in 96.0-1)