Debian Firefox-Esr vulnerabilities

CVE-2020-15650 [MEDIUM] CVE-2020-15650: firefox - Given an installed malicious file picker application, an attacker was able to ov... Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11. Scope: local sid: resolved

CVE-2020-15663 [HIGH] CVE-2020-15663: firefox - If Firefox is installed to a user-writable directory, the Mozilla Maintenance Se... If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bu

CVE-2020-12388 [CRITICAL] CVE-2020-12388: firefox - The Firefox content processes did not sufficiently lockdown access control which... The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. Scope: local sid: resolved

CVE-2020-6797 [MEDIUM] CVE-2020-6797: firefox - By downloading a file with the .fileloc extension, a semi-privileged extension c... By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaf

CVE-2020-12393 [HIGH] CVE-2020-12393: firefox - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the ... The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating sys

CVE-2020-15649 [MEDIUM] CVE-2020-15649: firefox - Given an installed malicious file picker application, an attacker was able to st... Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11. Scope: local sid: resolved

CVE-2020-16048 [MEDIUM] CVE-2020-16048: firefox - Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data v... Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page. Scope: local sid: resolved

CVE-2020-6827 [MEDIUM] CVE-2020-6827: firefox-esr - When following a link that opened an intent://-schemed URL, causing a custom tab... When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7. Scope: local bookworm: resolved bullseye: resolved forky

CVE-2020-6799 [HIGH] CVE-2020-6799: firefox - Command line arguments could have been injected during Firefox invocation as a s... Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third p

CVE-2020-6828 [HIGH] CVE-2020-6828: firefox-esr - A malicious Android application could craft an Intent that would have been proce... A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise

CVE-2020-35112 [HIGH] CVE-2020-35112: firefox - If a user downloaded a file lacking an extension on Windows, and then "Open"-ed ... If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating

CVE-2020-12389 [CRITICAL] CVE-2020-12389: firefox - The Firefox content processes did not sufficiently lockdown access control which... The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. Scope: local sid: resolved

CVE-2020-26966 [MEDIUM] CVE-2020-26966: firefox - Searching for a single word from the address bar caused an mDNS request to be se... Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbir

CVE-2019-11708 [CRITICAL] CVE-2019-11708: firefox - Insufficient vetting of parameters passed with the Prompt:Open IPC message betwe... Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firef

CVE-2019-11693 [CRITICAL] CVE-2019-11693: firefox - The bufferdata function in WebGL is vulnerable to a buffer overflow with specifi... The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox

CVE-2019-9791 [CRITICAL] CVE-2019-9791: firefox - The type inference system allows the compilation of functions that can cause typ... The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vu

CVE-2019-9790 [CRITICAL] CVE-2019-9790: firefox - A use-after-free vulnerability can occur when a raw pointer to a DOM element on ... A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Scope: local sid: resolved (fixed in 66.0-1)

CVE-2019-11691 [CRITICAL] CVE-2019-11691: firefox - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) ... A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Scope: local sid: resolved (fixed in 67.0-2)

CVE-2019-11713 [CRITICAL] CVE-2019-11713: firefox - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream i... A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Scope: local sid: resolved (fixed in 68.0-1)

CVE-2019-9812 [CRITICAL] CVE-2019-9812: firefox - Given a compromised sandboxed content process due to a separate vulnerability, i... Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the s