Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown
CRITICAL: 333
HIGH: 633
MEDIUM: 542
LOW: 302
Vulnerabilities
CVE-2024-5698 [MEDIUM] CVSS 6.1 - fixed in firefox 127.0-1 (sid) - 2024
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127.
Scope: local
sid: resolved (fixed in 127.0-1)

CVE-2024-1548 [MEDIUM] CVSS 4.3 - fixed in firefox 123.0-1 (sid) - 2024
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
Scope: local
sid: resolved (fixed in 123.0-1)

CVE-2024-0754 [MEDIUM] CVSS 6.5 - fixed in firefox 122.0-1 (sid) - 2024
Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.
Scope: local
sid: resolved (fixed in 122.0-1)

CVE-2024-0742 [MEDIUM] CVSS 4.3 - fixed in firefox 122.0-1 (sid) - 2024
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Scope: local
sid: resolved (fixed in 122.0-1)

CVE-2024-6614 [MEDIUM] CVSS 4.3 - fixed in firefox 128.0-1 (sid) - 2024
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Scope: local
sid: resolved (fixed in 128.0-1)

CVE-2024-6601 [MEDIUM] CVSS 4.7 - fixed in firefox 128.0-1 (sid) - 2024
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
Scope: local
sid: resolved (fixed in 128.0-1)

CVE-2024-10468 [MEDIUM] CVSS 5.3 - fixed in firefox 132.0-1 (sid) - 2024
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.
Scope: local
sid: resolved (fixed in 132.0-1)

CVE-2024-8386 [MEDIUM] CVSS 6.1 - fixed in firefox 130.0-1 (sid) - 2024
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Scope: local
sid: resolved (fixed in 130.0-1)

CVE-2024-7531 [MEDIUM] CVSS 6.5 - fixed in firefox 129.0-1 (sid) - 2024
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite t

CVE-2024-10461 [MEDIUM] CVSS 6.1 - fixed in firefox 132.0-1 (sid) - 2024
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Scope: local
sid: resolved (fixed in 132.0-1)

CVE-2024-9397 [MEDIUM] CVSS 6.1 - fixed in firefox 131.0-1 (sid) - 2024
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Scope: local
sid: resolved (fixed in 131.0-1)

CVE-2024-3860 [MEDIUM] CVSS 6.2 - fixed in firefox 125.0.1-1 (sid) - 2024
An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125.
Scope: local
sid: resolved (fixed in 125.0.1-1)

CVE-2024-11692 [MEDIUM] CVSS 4.3 - fixed in firefox 133.0-1 (sid) - 2024
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Scope: local
sid: resolved (fixed in 133.0-1)

CVE-2024-2610 [MEDIUM] CVSS 6.1 - fixed in firefox 124.0-1 (sid) - 2024
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Scope: local
sid: resolved (fixed in 124.0-1)

CVE-2024-7518 [MEDIUM] CVSS 6.5 - fixed in firefox 129.0-1 (sid) - 2024
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Scope: local
sid: resolved (fixed in 129.0-1)

CVE-2024-9398 [MEDIUM] CVSS 5.3 - fixed in firefox 131.0-1 (sid) - 2024
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Scope: local
sid: resolved (fixed in 131.0-1)

CVE-2024-5697 [MEDIUM] CVSS 4.3 - fixed in firefox 127.0-1 (sid) - 2024
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.
Scope: local
sid: resolved (fixed in 127.0-1)

CVE-2024-6612 [MEDIUM] CVSS 5.3 - fixed in firefox 128.0-1 (sid) - 2024
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Scope: local
sid: resolved (fixed in 128.0-1)

CVE-2024-3861 [MEDIUM] CVSS 4.0 - fixed in firefox 125.0.1-1 (sid) - 2024
If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Scope: local
sid: resolved (fixed in 125.0.1-1)

CVE-2024-9936 [MEDIUM] CVSS 6.5 - fixed in firefox 131.0.3-1 (sid) - 2024
When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.
Scope: local
sid: resolved (fixed in 131.0.3-1)