Debian Firefox-Esr vulnerabilities

CVE-2016-2791 [HIGH] CVE-2016-2791: firefox - The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in... The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-9076 [MEDIUM] CVE-2016-9076: firefox - An issue where a "<select>" dropdown menu can be used to cover location bar cont... An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-2816 [MEDIUM] CVE-2016-2816: firefox - Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Securi... Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. Scope: local sid: resolved (fixed in 46.0-1)

CVE-2016-5262 [MEDIUM] CVE-2016-5262: firefox - Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript ... Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. Scope: local sid: resolved (fixed in 48

CVE-2016-5251 [MEDIUM] CVE-2016-5251: firefox - Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar vi... Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL. Scope: local sid: resolved (fixed in 48.0-1)

CVE-2016-5265 [MEDIUM] CVE-2016-5265: firefox - Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted... Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory. Scope: local sid: resolved (fixed in 48.0-1)

CVE-2016-5288 [MEDIUM] CVE-2016-5288: firefox - Web content could access information in the HTTP cache if e10s is disabled. This... Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-9064 [MEDIUM] CVE-2016-9064: firefox - Add-on updates failed to verify that the add-on ID inside the signed package mat... Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Fire

CVE-2016-2825 [MEDIUM] CVE-2016-2825: firefox - Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Po... Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. Scope: local sid: resolved (fixed in 47.0-1)

CVE-2016-5292 [MEDIUM] CVE-2016-5292: firefox - During URL parsing, a maliciously crafted URL can cause a potentially exploitabl... During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-2827 [MEDIUM] CVE-2016-2827: firefox - The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 ... The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values. Scope: local sid: resolved (fixed in 49.0-1)

CVE-2016-2817 [MEDIUM] CVE-2016-2817: firefox - The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in... The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL. Scope:

CVE-2016-2832 [MEDIUM] CVE-2016-2832: firefox - Mozilla Firefox before 47.0 allows remote attackers to discover the list of disa... Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. Scope: local sid: resolved (fixed in 47.0-1)

CVE-2016-5250 [MEDIUM] CVE-2016-5250: firefox - Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow rem... Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. Scope: local sid: resolved (fixed in 48.0-1)

CVE-2016-5279 [MEDIUM] CVE-2016-5279: firefox - Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sens... Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. Scope: local sid: resolved (fixed in 49.0-1)

CVE-2016-2822 [MEDIUM] CVE-2016-2822: firefox - Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attack... Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. Scope: local sid: resolved (fixed in 47.0-1)

CVE-2016-2837 [MEDIUM] CVE-2016-2837: firefox - Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in th... Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass. Scope: local sid: resolved (fixed in 48.0

CVE-2016-1957 [MEDIUM] CVE-2016-1957: firefox - Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.... Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-9895 [MEDIUM] CVE-2016-9895: firefox - Event handlers on "marquee" elements were executed despite a strict Content Secu... Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Scope: local sid: resolved (fixed in 50.1.0-1)

CVE-2016-5260 [MEDIUM] CVE-2016-5260: firefox - Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to '... Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file. Scope: local sid: resolved (fixed in 48.0-1)