Debian Firefox-Esr vulnerabilities

CVE-2022-40959 [MEDIUM] CVE-2022-40959: firefox - During iframe navigation, certain pages did not have their FeaturePolicy fully i... During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local sid: resolved (fixed in 105.0-1)

CVE-2022-45418 [MEDIUM] CVE-2022-45418: firefox - If a custom mouse cursor is specified in CSS, under certain circumstances the cu... If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed in 107.0-1)

CVE-2022-28286 [MEDIUM] CVE-2022-28286: firefox - Due to a layout change, iframe contents could have been rendered outside of its ... Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-29911 [MEDIUM] CVE-2022-29911: firefox - An improper implementation of the new iframe sandbox keyword <code>allow-top-nav... An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Scope: local sid: resolved (fixed in 100.0-1)

CVE-2022-26383 [MEDIUM] CVE-2022-26383: firefox - When resizing a popup after requesting fullscreen access, the popup would not di... When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Scope: local sid: resolved (fixed in 98.0-1)

CVE-2022-42929 [MEDIUM] CVE-2022-42929: firefox - If a website called `window.print()` in a particular way, it could cause a denia... If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Scope: local sid: resolved (fixed in 106.0-1)

CVE-2022-40956 [MEDIUM] CVE-2022-40956: firefox - When injecting an HTML base element, some requests would ignore the CSP's base-u... When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local sid: resolved (fixed in 105.0-1)

CVE-2022-29912 [MEDIUM] CVE-2022-29912: firefox - Requests initiated through reader mode did not properly omit cookies with a Same... Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Scope: local sid: resolved (fixed in 100.0-1)

CVE-2022-22743 [MEDIUM] CVE-2022-22743: firefox - When navigating from inside an iframe while requesting fullscreen access, an att... When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local sid: resolved (fixed in 96.0-1)

CVE-2022-31738 [MEDIUM] CVE-2022-31738: firefox - When exiting fullscreen mode, an iframe could have confused the browser about th... When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope: local sid: resolved (fixed in 101.0-1)

CVE-2022-45403 [MEDIUM] CVE-2022-45403: firefox - Service Workers should not be able to infer information about opaque cross-origi... Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed

CVE-2022-45416 [MEDIUM] CVE-2022-45416: firefox - Keyboard events reference strings like "KeyA" that were at fixed, known, and wid... Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed in 107.0-1)

CVE-2022-1196 [MEDIUM] CVE-2022-1196: firefox-esr - After a VR Process is destroyed, a reference to it may have been retained and us... After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8. Scope: local bookworm: resolved (fixed in 91.8.0esr-1) bullseye: resolved (fixed in 91.8.0esr-1~deb11u1) forky: resolved (fixed in 91.8.0esr-1) sid

CVE-2022-31742 [MEDIUM] CVE-2022-31742: firefox - An attacker could have exploited a timing attack by sending a large number of al... An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope

CVE-2022-28282 [MEDIUM] CVE-2022-28282: firefox - By using a link with <code>rel="localization"</code> a use-after-free could have... By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-45404 [MEDIUM] CVE-2022-45404: firefox - Through a series of popup and <code>window.print()</code> calls, an attacker can... Through a series of popup and window.print() calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed in 107.0-1)

CVE-2022-38472 [MEDIUM] CVE-2022-38472: firefox - An attacker could have abused XSLT error handling to associate attacker-controll... An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Fir

CVE-2022-22760 [MEDIUM] CVE-2022-22760: firefox - When importing resources using Web Workers, error messages would distinguish the... When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Scope: local sid: resolved (fixed in 97.0-1)

CVE-2022-3266 [MEDIUM] CVE-2022-3266: firefox - An out-of-bounds read can occur when decoding H264 video. This results in a pote... An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local sid: resolved (fixed in 105.0-1)

CVE-2022-45420 [MEDIUM] CVE-2022-45420: firefox - Use tables inside of an iframe, an attacker could have caused iframe contents to... Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed in 107.0-1)