Debian Firefox-Esr vulnerabilities

CVE-2017-7761 [MEDIUM] CVE-2017-7761: firefox - The Mozilla Maintenance Service "helper.exe" application creates a temporary dir... The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local s

CVE-2017-7845 [HIGH] CVE-2017-7845: firefox - A buffer overflow occurs when drawing and validating elements using Direct 3D 9 ... A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vu

CVE-2017-16541 [MEDIUM] CVE-2017-16541: firefox - Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass th... Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. Scope: local sid: resolved (fixed in 62.0-1)

CVE-2016-5290 [CRITICAL] CVE-2016-5290: firefox - Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of the... Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-5297 [CRITICAL] CVE-2016-5297: firefox - An error in argument length checking in JavaScript, leading to potential integer... An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-5281 [CRITICAL] CVE-2016-5281: firefox - Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before... Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document. Scope: local sid: resolved (fixed in 49.0-1)

CVE-2016-5289 [CRITICAL] CVE-2016-5289: firefox - Memory safety bugs were reported in Firefox 49. Some of these bugs showed eviden... Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-5274 [CRITICAL] CVE-2016-5274: firefox - Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function i... Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. Scope: local sid: resolved (fixed in 49.0-1)

CVE-2016-9893 [CRITICAL] CVE-2016-9893: firefox - Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed ... Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Scope: local sid: resolved (fixed in 50.1.0-1)

CVE-2016-9901 [CRITICAL] CVE-2016-9901: firefox - HTML tags received from the Pocket server will be processed without sanitization... HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. Scope: local sid: resolved (fixed in 50.1.0-1)

CVE-2016-0718 [CRITICAL] CVE-2016-0718: expat - Expat allows context-dependent attackers to cause a denial of service (crash) or... Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Scope: local bookworm: resolved (fixed in 2.1.1-2) bullseye: resolved (fixed in 2.1.1-2) forky: resolved (fixed in 2.1.1-2) sid: resolved (fixed in 2.1.1-2) trixie: resolved (fixed in 2.1.1

CVE-2016-9075 [CRITICAL] CVE-2016-9075: firefox - An issue where WebExtensions can use the mozAddonManager API to elevate privileg... An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-5277 [CRITICAL] CVE-2016-5277: firefox - Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Fi... Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation. S

CVE-2016-5256 [CRITICAL] CVE-2016-5256: firefox - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox be... Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Scope: local sid: resolved (fixed in 49.0-1)

CVE-2016-5276 [CRITICAL] CVE-2016-5276: firefox - Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalid... Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute. Scope: local sid: resolved (fixed in 49.0-1)

CVE-2016-9080 [CRITICAL] CVE-2016-9080: firefox - Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed ev... Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1. Scope: local sid: resolved (fixed in 50.1.0-1)

CVE-2016-5254 [CRITICAL] CVE-2016-5254: firefox - Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozil... Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items. Scope: local sid: re

CVE-2016-5287 [CRITICAL] CVE-2016-5287: firefox - A potentially exploitable use-after-free crash during actor destruction with ser... A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-9063 [CRITICAL] CVE-2016-9063: expat - An integer overflow during the parsing of XML using the Expat library. This vuln... An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. Scope: local bookworm: resolved (fixed in 2.2.0-2) bullseye: resolved (fixed in 2.2.0-2) forky: resolved (fixed in 2.2.0-2) sid: resolved (fixed in 2.2.0-2) trixie: resolved (fixed in 2.2.0-2)

CVE-2016-5270 [CRITICAL] CVE-2016-5270: firefox - Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString... Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.