Debian Firefox-Esr vulnerabilities

CVE-2016-5261 [HIGH] CVE-2016-5261: firefox - Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mo... Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering. Scope: local sid: resolved (fixed in 48.0-1)

CVE-2016-9904 [HIGH] CVE-2016-9904: firefox - An attacker could use a JavaScript Map/Set timing attack to determine whether an... An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Scope: local sid: resolved (fixed i

CVE-2016-1973 [HIGH] CVE-2016-1973: firefox - Race condition in the GetStaticInstance function in the WebRTC implementation in... Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-5283 [HIGH] CVE-2016-5283: firefox - Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Po... Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized. Scope: local sid: resolved (fixed in 49.0-1)

CVE-2016-5263 [HIGH] CVE-2016-5263: firefox - The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox E... The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion." Scope: local sid: resolved (fixed in 48.0-1)

CVE-2016-9073 [HIGH] CVE-2016-9073: firefox - WebExtensions can bypass security checks to load privileged URLs and potentially... WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-5259 [HIGH] CVE-2016-5259: firefox - Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Moz... Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop. Scope: local sid: resolved (fixed in 48.0-1)

CVE-2016-1966 [HIGH] CVE-2016-1966: firefox - The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp ... The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-9079 [HIGH] CVE-2016-9079: firefox - A use-after-free vulnerability in SVG Animation has been discovered. An exploit ... A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. Scope: local sid: resolved (fixed in 50.0.2-1)

CVE-2016-1961 [HIGH] CVE-2016-1961: firefox - Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html... Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-1953 [HIGH] CVE-2016-1953: firefox - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox be... Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-2790 [HIGH] CVE-2016-2790: firefox - The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as use... The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. Scope: local sid: resolved (f

CVE-2016-5284 [HIGH] CVE-2016-5284: firefox - Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.... Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. Scope: local sid:

CVE-2016-9896 [HIGH] CVE-2016-9896: firefox - Use-after-free while manipulating the "navigator" object within WebVR. Note: Web... Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1. Scope: local sid: resolved (fixed in 50.1.0-1)

CVE-2016-2821 [HIGH] CVE-2016-2821: firefox - Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firef... Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor. Scope: local sid: resolved

CVE-2016-2801 [HIGH] CVE-2016-2801: firefox - The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite... The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. Scope

CVE-2016-1954 [HIGH] CVE-2016-1954: firefox - The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozil... The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local

CVE-2016-9070 [HIGH] CVE-2016-9070: firefox - A maliciously crafted page loaded to the sidebar through a bookmark can referenc... A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-2834 [HIGH] CVE-2016-2834: firefox - Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox ... Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Scope: local sid: resolved (fixed in 47.0-1)

CVE-2016-2806 [HIGH] CVE-2016-2806: firefox - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox be... Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Scope: local sid: resolved (fixed in 46.0-1)