Debian Firefox-Esr vulnerabilities

CVE-2019-11730 [MEDIUM] CVE-2019-11730: firefox - A vulnerability exists where if a user opens a locally saved HTML file, this fil... A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination

CVE-2019-9817 [MEDIUM] CVE-2019-9817: firefox - Images from a different domain can be read using a canvas object in some circums... Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Scope: local sid: resolved (fixed in 67.0-2)

CVE-2019-11749 [MEDIUM] CVE-2019-11749: firefox - A vulnerability exists in WebRTC where malicious web content can use probing tec... A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Scope: local s

CVE-2019-11738 [MEDIUM] CVE-2019-11738: firefox - If a Content Security Policy (CSP) directive is defined that uses a hash-based s... If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Scope: local sid: resolved (fixed in 69

CVE-2019-11742 [MEDIUM] CVE-2019-11742: firefox - A same-origin policy violation occurs allowing the theft of cross-origin images ... A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firef

CVE-2019-5785 [MEDIUM] CVE-2019-5785: firefox - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 ... Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Scope: local sid: resolved (fixed in 65.0.1-1)

CVE-2019-11717 [MEDIUM] CVE-2019-11717: firefox - A vulnerability exists where the caret ("^") character is improperly escaped con... A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Scope: local sid: resolved (fixed in 68.0-1)

CVE-2019-9816 [MEDIUM] CVE-2019-9816: firefox - A possible vulnerability exists where type confusion can occur when manipulating... A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Fir

CVE-2019-11715 [MEDIUM] CVE-2019-11715: firefox - Due to an error while parsing page content, it is possible for properly sanitize... Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Scope: local sid: resolved (fixed in 68.0-1)

CVE-2019-11748 [MEDIUM] CVE-2019-11748: firefox - WebRTC in Firefox will honor persisted permissions given to sites for access to ... WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web con

CVE-2019-11747 [MEDIUM] CVE-2019-11747: firefox - The "Forget about this site" feature in the History pane is intended to remove a... The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the u

CVE-2019-11763 [MEDIUM] CVE-2019-11763: firefox - Failure to correctly handle null bytes when processing HTML entities resulted in... Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mas

CVE-2019-11761 [MEDIUM] CVE-2019-11761: firefox - By using a form with a data URI it was possible to gain access to the privileged... By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Scope: local sid: resolved (

CVE-2019-20503 [MEDIUM] CVE-2019-20503: chromium - usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_in... usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. Scope: local bookworm: resolved (fixed in 80.0.3987.149-1) bullseye: resolved (fixed in 80.0.3987.149-1) forky: resolved (fixed in 80.0.3987.149-1) sid: resolved (fixed in 80.0.3987.149-1) trixie: resolved (fixed in 80.0.3987.149-1)

CVE-2019-5798 [MEDIUM] CVE-2019-5798: chromium - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 a... Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Scope: local bookworm: resolved (fixed in 73.0.3683.75-1) bullseye: resolved (fixed in 73.0.3683.75-1) forky: resolved (fixed in 73.0.3683.75-1) sid: resolved (fixed in 73.0.3683.75-1) trixie: reso

CVE-2019-9815 [HIGH] CVE-2019-9815: firefox - If hyperthreading is not disabled, a timing attack vulnerability exists, similar... If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.

CVE-2019-13075 [MEDIUM] CVE-2019-13075: firefox - Tor Browser through 8.5.3 has an information exposure vulnerability. It allows r... Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68. Scope: local sid: resolved (fixed in 68.

CVE-2019-9794 [CRITICAL] CVE-2019-9794: firefox - A vulnerability was discovered where specific command line arguments are not pro... A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications

CVE-2019-9801 [MEDIUM] CVE-2019-9801: firefox - Firefox will accept any registered Program ID as an external protocol handler an... Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating

CVE-2019-11729 [HIGH] CVE-2019-11729: firefox - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due va... Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Scope: local sid: resolved (fixed in 68.0-1)