Debian Firefox-Esr vulnerabilities

CVE-2017-7752 [HIGH] CVE-2017-7752: firefox - A use-after-free vulnerability during specific user interactions with the input ... A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Scope: local sid: resolved (fixe

CVE-2017-7771 [HIGH] CVE-2017-7771: firefox - Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass:... Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5381 [HIGH] CVE-2017-5381: firefox - The "export" function in the Certificate Viewer can force local filesystem navig... The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-5379 [HIGH] CVE-2017-5379: firefox - Use-after-free vulnerability in Web Animations when interacting with cycle colle... Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-7843 [HIGH] CVE-2017-7843: firefox - When Private Browsing mode is used, it is possible for a web worker to write per... When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and

CVE-2017-7772 [HIGH] CVE-2017-7772: firefox - Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::dec... Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5444 [HIGH] CVE-2017-5444: firefox - A buffer overflow vulnerability while parsing "application/http-index-format" fo... A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5385 [HIGH] CVE-2017-5385: firefox - Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME... Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-7805 [HIGH] CVE-2017-7805: firefox - During TLS 1.2 exchanges, handshake hashes are generated which point to a messag... During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handsha

CVE-2017-7798 [HIGH] CVE-2017-7798: firefox - The Developer Tools feature suffers from a XUL injection vulnerability due to im... The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-7777 [HIGH] CVE-2017-7777: firefox - Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphit... Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5388 [HIGH] CVE-2017-5388: firefox - A STUN server in conjunction with a large number of "webkitRTCPeerConnection" ob... A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-7754 [HIGH] CVE-2017-7754: firefox - An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object dur... An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5436 [HIGH] CVE-2017-5436: firefox - An out-of-bounds write in the Graphite 2 library triggered with a maliciously cr... An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52

CVE-2017-5448 [HIGH] CVE-2017-5448: firefox - An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-enc... An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerabi

CVE-2017-7776 [HIGH] CVE-2017-7776: firefox - Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in gra... Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-7791 [MEDIUM] CVE-2017-7791: firefox - On pages containing an iframe, the "data:" protocol can be used to create a moda... On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-5393 [MEDIUM] CVE-2017-5393: firefox - The "mozAddonManager" allows for the installation of extensions from the CDN for... The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-7764 [MEDIUM] CVE-2017-7764: firefox - Characters from the "Canadian Syllabics" unicode block can be mixed with charact... Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be m

CVE-2017-7830 [MEDIUM] CVE-2017-7830: firefox - The Resource Timing API incorrectly revealed navigations in cross-origin iframes... The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. Scope: local sid: resolved (fixed in 57.0-1)