Debian Firefox-Esr vulnerabilities

CVE-2020-26965 [MEDIUM] CVE-2020-26965: firefox - Some websites have a feature "Show Password" where clicking a button will change... Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility

CVE-2020-15652 [MEDIUM] CVE-2020-15652: firefox - By observing the stack trace for JavaScript errors in web workers, it was possib... By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Scope: local sid: resolved (fixed in 79.0-1)

CVE-2020-26958 [MEDIUM] CVE-2020-26958: firefox - Firefox did not block execution of scripts with incorrect MIME types when the re... Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Scope: local sid: resolved (fixed in 83.0

CVE-2020-12399 [MEDIUM] CVE-2020-12399: firefox - NSS has shown timing differences when performing DSA signatures, which was explo... NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Scope: local sid: resolved (fixed in 77.0-1)

CVE-2020-12421 [MEDIUM] CVE-2020-12421: firefox - When performing add-on updates, certificate chains terminating in non-built-in-r... When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Scope: local sid: reso

CVE-2020-35111 [MEDIUM] CVE-2020-35111: firefox - When an extension with the proxy permission registered to receive <all_urls>, th... When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Scope: local sid: r

CVE-2020-26951 [MEDIUM] CVE-2020-26951: firefox - A parsing and event loading mismatch in Firefox's SVG code could have allowed lo... A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Sco

CVE-2020-26976 [MEDIUM] CVE-2020-26976: firefox - When a HTTPS pages was embedded in a HTTP page, and there was a service worker r... When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84. Scope: local sid: resolved (fixed in 84.0-1)

CVE-2020-26961 [MEDIUM] CVE-2020-26961: firefox - When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP r... When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5,

CVE-2020-6798 [MEDIUM] CVE-2020-6798: firefox - If a template tag was used in a select tag, the parser could be confused and all... If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is d

CVE-2020-16012 [MEDIUM] CVE-2020-16012: chromium - Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280... Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: res

CVE-2020-12392 [MEDIUM] CVE-2020-12392: firefox - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the ... The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird <

CVE-2020-26956 [MEDIUM] CVE-2020-26956: firefox - In some cases, removing HTML elements during sanitization would keep existing SV... In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Scope: local sid: resolved (fixed in 83.0-1)

CVE-2020-12418 [MEDIUM] CVE-2020-12418: firefox - Manipulating individual parts of a URL object could have caused an out-of-bounds... Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Scope: local sid: resolved (fixed in 78.0-1)

CVE-2020-6812 [MEDIUM] CVE-2020-6812: firefox - The first time AirPods are connected to an iPhone, they become named after the u... The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'.

CVE-2020-15664 [MEDIUM] CVE-2020-15664: firefox - By holding a reference to the eval() function from an about:blank window, a mali... By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thund

CVE-2020-6514 [MEDIUM] CVE-2020-6514: chromium - Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 al... Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixe

CVE-2020-26978 [MEDIUM] CVE-2020-26978: firefox - Using techniques that built on the slipstream research, a malicious webpage coul... Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Scope: local sid: resolved (fixed in 84.0-1)

CVE-2020-26953 [MEDIUM] CVE-2020-26953: firefox - It was possible to cause the browser to enter fullscreen mode without displaying... It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Scope: local sid: resolved (fixed in 83.0-1)

CVE-2020-16042 [MEDIUM] CVE-2020-16042: chromium - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote ... Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88