Debian Firefox-Esr vulnerabilities
1,071 known vulnerabilities affecting debian/firefox-esr.
Total CVEs: 1,071
CISA KEV: 11 (actively exploited)
Public exploits: 23
Exploited in wild: 15
Severity breakdown: CRITICAL 236, HIGH 418, MEDIUM 292, LOW 125
Vulnerabilities
Page 52 of 54
CVE-2016-9903 | MEDIUM | CVSS 6.1 | fixed in firefox 50.1.0-1 (sid) | 2016
firefox: Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document, it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1.
Scope: local
sid: resolved (fixed in 50.1.0-1)
debian
CVE-2016-1955 | MEDIUM | CVSS 4.3 | fixed in firefox 45.0-1 (sid) | 2016
firefox: Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
Scope: local
sid: resolved (fixed in 45.0-1)
debian
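The CVE-2016-1955 entry above describes a CSP violation report that carried a cross-origin path. The block below is an added example, not Mozilla's code and not part of this tracker page: it shows what a conforming browser is supposed to put in the `blocked-uri` and `document-uri` fields, modelled on the CSP Level 2 "strip URI for reporting" rule (non-HTTP(S) URLs reduce to the scheme, cross-origin URLs reduce to their origin, same-origin URLs keep path and query but lose fragment and credentials). The origins `attacker.example` and `bank.example`, the sample URLs and the report object shape are constructed for illustration.

```javascript
// Added example: reduce a URL to what a CSP violation report may disclose.
// Cross-origin URLs collapse to their origin so a report on a framed or
// redirected cross-origin document cannot leak its path or query string,
// which is the class of leak described for CVE-2016-1955.
function stripUrlForReport(blockedUrl, protectedOrigin) {
  const url = new URL(blockedUrl);
  // Non-HTTP(S) schemes (data:, blob:, javascript:, ...) report only the scheme name.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return url.protocol.slice(0, -1);
  }
  // Cross-origin resource: only the origin is reportable, never the path.
  if (url.origin !== new URL(protectedOrigin).origin) {
    return url.origin;
  }
  // Same-origin resource: keep path and query, drop fragment and embedded credentials.
  url.hash = "";
  url.username = "";
  url.password = "";
  return url.href;
}

// Assemble a violation report object the way a browser would before POSTing it
// to the policy's report-uri. Field names follow the CSP report format.
function buildViolationReport({ documentUrl, blockedUrl, violatedDirective, originalPolicy }) {
  const protectedOrigin = new URL(documentUrl).origin;
  return {
    "csp-report": {
      "document-uri": stripUrlForReport(documentUrl, protectedOrigin),
      "blocked-uri": stripUrlForReport(blockedUrl, protectedOrigin),
      "violated-directive": violatedDirective,
      "original-policy": originalPolicy,
    },
  };
}

// Constructed sample: a page on attacker.example frames a document on
// bank.example and blocks it with frame-src, hoping the report reveals
// where the bank redirected the user. The path must not reach the report.
const sampleReport = buildViolationReport({
  documentUrl: "https://attacker.example/probe.html#frag",
  blockedUrl: "https://bank.example/accounts/12345/statement?month=2016-03",
  violatedDirective: "frame-src 'none'",
  originalPolicy: "frame-src 'none'; report-uri /csp-report",
});

console.log(JSON.stringify(sampleReport, null, 2));
```

The point of the cross-origin branch is that a report is a side channel readable by the page that set the policy; anything beyond the origin of a blocked cross-origin resource is information that page could not otherwise obtain under the same-origin policy.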
CVE-2016-5291 | MEDIUM | CVSS 5.5 | fixed in firefox 50.0-1 (sid) | 2016
firefox: A same-origin policy bypass using local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Scope: local
sid: resolved (fixed in 50.0-1)
debian
CVE-2016-5282 | MEDIUM | CVSS 6.5 | fixed in firefox 49.0-1 (sid) | 2016
firefox: Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
Scope: local
sid: resolved (fixed in 49.0-1)
debian
CVE-2016-2820 | MEDIUM | CVSS 4.3 | fixed in firefox 46.0-1 (sid) | 2016
firefox: The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.
Scope: local
sid: resolved (fixed in 46.0-1)
debian
CVE-2016-5271 | MEDIUM | CVSS 6.5 | fixed in firefox 49.0-1 (sid) | 2016
firefox: The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.
Scope: local
sid: resolved (fixed in 49.0-1)
debian
CVE-2016-1965 | MEDIUM | CVSS 4.3 | fixed in firefox 45.0-1 (sid) | 2016
firefox: Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
Scope: local
sid: resolved (fixed in 45.0-1)
debian
CVE-2016-1967 | MEDIUM | CVSS 5.0 | fixed in firefox 45.0-1 (sid) | 2016
firefox: Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because
debian
CVE-2016-2833 | MEDIUM | CVSS 6.1 | fixed in firefox 47.0-1 (sid) | 2016
firefox: Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.
Scope: local
sid: resolved (fixed in 47.0-1)
debian
CVE-2016-2829 | MEDIUM | CVSS 6.5 | fixed in firefox 47.0-1 (sid) | 2016
firefox: Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.
Scope: local
sid: resolved (fixed in 47.0-1)
debian
CVE-2016-1956 | MEDIUM | CVSS 6.5 | fixed in firefox 45.0-1 (sid) | 2016
firefox: Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
Scope: local
sid: resolved (fixed in 45.0-1)
debian
CVE-2016-9067 | MEDIUM | CVSS 6.5 | fixed in firefox 50.0-1 (sid) | 2016
firefox: Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
Scope: local
sid: resolved (fixed in 50.0-1)
debian
CVE-2016-9074 | MEDIUM | CVSS 5.9 | fixed in firefox-esr 45.5.0esr-1 (bookworm) | 2016
firefox-esr: An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Scope: local
bookworm: resolved (fixed in 45.5.0esr-1)
bullseye: resolved (fixed in 45.5.0esr-1)
forky: resolved (fixed
debian
CVE-2016-5268 | MEDIUM | CVSS 4.3 | fixed in firefox 48.0-1 (sid) | 2016
firefox: Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.
Scope: local
sid: resolved (fixed in 48.0-1)
debian
CVE-2016-1958 | MEDIUM | CVSS 4.3 | fixed in firefox 45.0-1 (sid) | 2016
firefox: browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
Scope: local
sid: resolved (fixed in 45.0-1)
debian
CVE-2016-2830 | MEDIUM | CVSS 4.3 | fixed in firefox 48.0-1 (sid) | 2016
firefox: Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.
Scope: local
sid: resolved (fixed in 48.0-1)
debian
CVE-2016-9071 | MEDIUM | CVSS 5.3 | fixed in firefox 50.0-1 (sid) | 2016
firefox: Content Security Policy combined with HTTP to HTTPS redirection can be used by a malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.
Scope: local
sid: resolved (fixed in 50.0-1)
debian
CVE-2016-5267 | LOW (entry title rates it MEDIUM) | CVSS 5.3 | 2016
firefox: Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.
Scope: local
sid: resolved
debian
CVE-2016-5294 | LOW (entry title rates it MEDIUM) | CVSS 5.5 | 2016
firefox: The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Scope: local
sid: resolved
debian
CVE-2016-2826 | LOW (entry title rates it HIGH) | CVSS 7.8 | 2016
firefox: The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file.
Scope: local
sid: resolved
debian