Debian Firefox-Esr vulnerabilities

1,071 known vulnerabilities affecting debian/firefox-esr.

Total CVEs: 1,071
CISA KEV: 11 (actively exploited)
Public exploits: 23
Exploited in wild: 15
Severity breakdown: CRITICAL 236, HIGH 418, MEDIUM 292, LOW 125

Vulnerabilities

Page 53 of 54
CVE-2016-9905 | LOW | CVSS 8.8 | fixed in firefox-esr 45.6.0esr-1 (bookworm) | 2016
[HIGH] firefox - A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
Scope: local; sid: resolved
debian
CVE-2016-2824 | LOW | CVSS 8.8 | 2016
[HIGH] firefox - The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.
Scope: local; sid: resolved
debian
CVE-2016-2809 | LOW | CVSS 5.5 | 2016
[MEDIUM] firefox - The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.
Scope: local; sid: resolved
debian
CVE-2016-9072 | LOW | CVSS 7.5 | 2016
[HIGH] firefox - When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50.
Scope: local; sid: resolved
debian
CVE-2016-5253 | LOW | CVSS 4.7 | 2016
[MEDIUM] firefox - The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
Scope: local; sid: resolved
debian
CVE-2016-2839 | LOW | CVSS 6.5 | 2016
[MEDIUM] firefox - Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
Scope: local; sid: resolved
debian
CVE-2016-2810 | LOW | CVSS 5.0 | 2016
[MEDIUM] firefox - Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.
Scope: local; sid: resolved
debian
CVE-2016-2813 | LOW | CVSS 4.3 | 2016
[MEDIUM] firefox - Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.
Scope: local; sid: resolved
debian
CVE-2016-5293 | LOW | CVSS 5.5 | 2016
[MEDIUM] firefox - When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
Scope: local; sid: resolved
debian
CVE-2016-2805 | LOW | CVSS 8.8 | 2016
[HIGH] firefox - Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Scope: local; sid: resolved
debian
CVE-2013-5594 | LOW | CVSS 4.3 | 2013
[MEDIUM] firefox-esr - Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2011-2668 | LOW | CVSS 8.8 | 2011
[HIGH] firefox - Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header
Scope: local; sid: resolved
debian
CVE-2011-2670 | LOW | CVSS 6.1 | 2011
[MEDIUM] firefox - Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets
Scope: local; sid: resolved
debian
CVE-2011-2669 | LOW | CVSS 6.5 | 2011
[MEDIUM] firefox - Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
Scope: local; sid: resolved
debian
CVE-2007-0801 | LOW | CVSS 4.3 | fixed in firefox 45.0-1 (sid) | 2007
[MEDIUM] firefox - The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.
Scope: local; sid: resolved (fixed in 45.0-1)
debian
CVE-2006-6503 | HIGH | CVSS 6.8 | fixed in firefox 45.0-1 (sid) | 2006
[MEDIUM] firefox - Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.
Scope: local; sid: resolved (fixed in 45.0-1)
debian
CVE-2006-6498 | HIGH | CVSS 6.8 | fixed in firefox 45.0-1 (sid) | 2006
[MEDIUM] firefox - Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and at
debian
CVE-2006-5748 | HIGH | CVSS 5.0 | fixed in firefox 45.0-1 (sid) | 2006
[MEDIUM] firefox - Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
Scope: local; sid: resolved (fixed in 45.0-1)
debian
CVE-2006-6504 | HIGH | CVSS 9.3 | fixed in firefox 45.0-1 (sid) | 2006
[CRITICAL] firefox - Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
Scope: local; sid: resolved (fixed in 45.0-1)
debian
CVE-2006-6501 | HIGH | CVSS 6.8 | fixed in firefox 45.0-1 (sid) | 2006
[MEDIUM] firefox - Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
Scope: local; sid: resolved (fixed in 45.0-1)
debian