Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302
Vulnerabilities
Page 25 of 91
CVE-2024-0953 | LOW | CVSS 6.1 | 2024
CVE-2024-0953 [MEDIUM] (firefox)
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.
Scope: local
sid: resolved
debian
CVE-2024-10474 | LOW | CVSS 6.5 | 2024
CVE-2024-10474 [MEDIUM] (firefox)
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. This vulnerability affects Focus for iOS < 132.
Scope: local
sid: resolved
debian
CVE-2024-11693 | LOW | CVSS 9.8 | 2024
CVE-2024-11693 [CRITICAL] (firefox)
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Scope: local
sid: resolved
debian
CVE-2024-31392 | LOW | CVSS 7.5 | 2024
CVE-2024-31392 [HIGH] (firefox)
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS < 124.
Scope: local
sid: resolved
debian
CVE-2024-4766 | LOW | CVSS 4.3 | 2024
CVE-2024-4766 [MEDIUM] (firefox)
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
Scope: local
sid: resolved
debian
CVE-2024-8897 | LOW | CVSS 6.1 | 2024
CVE-2024-8897 [MEDIUM] (firefox)
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site may be able to spoof the address bar contents. This can lead to a malicious site appearing to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerabil
debian
CVE-2024-11698 | LOW | CVSS 9.8 | 2024
CVE-2024-11698 [CRITICAL] (firefox)
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the brow
debian
CVE-2024-31393 | LOW | CVSS 4.3 | 2024
CVE-2024-31393 [MEDIUM] (firefox)
Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS < 124.
Scope: local
sid: resolved
debian
CVE-2024-53975 | LOW | CVSS 5.4 | 2024
CVE-2024-53975 [MEDIUM] (firefox)
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.
Scope: local
sid: resolved
debian
CVE-2024-3302 | LOW | CVSS 3.7 | fixed in firefox 125.0.1-1 (sid) | 2024
CVE-2024-3302 [LOW] (firefox)
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Scope: local
sid: resolved (fixed in 125.0.1-1)
debian
CVE-2024-9395 | LOW | CVSS 5.3 | 2024
CVE-2024-9395 [MEDIUM] (firefox)
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
Scope: local
sid: resolved
debian
CVE-2024-26281 | LOW | CVSS 4.7 | 2024
CVE-2024-26281 [MEDIUM] (firefox)
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.
Scope: local
sid: resolved
debian
CVE-2024-4765 | LOW | CVSS 8.1 | 2024
CVE-2024-4765 [HIGH] (firefox)
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
Scop
debian
CVE-2024-43113 | LOW | CVSS 6.1 | 2024
CVE-2024-43113 [MEDIUM] (firefox)
The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vulnerability affects Firefox for iOS < 129.
Scope: local
sid: resolved
debian
CVE-2023-5730 | CRITICAL | CVSS 9.8 | fixed in firefox 119.0-1 (sid) | 2023
CVE-2023-5730 [CRITICAL] (firefox)
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Scope: local
sid: resolved (fixed
debian
CVE-2023-4056 | CRITICAL | CVSS 9.8 | fixed in firefox 116.0-1 (sid) | 2023
CVE-2023-4056 [CRITICAL] (firefox)
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 1
debian
CVE-2023-25736 | CRITICAL | CVSS 9.8 | fixed in firefox 110.0-1 (sid) | 2023
CVE-2023-25736 [CRITICAL] (firefox)
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior. This vulnerability affects Firefox < 110.
Scope: local
sid: resolved (fixed in 110.0-1)
debian
CVE-2023-34417 | CRITICAL | CVSS 9.8 | fixed in firefox 114.0-1 (sid) | 2023
CVE-2023-34417 [CRITICAL] (firefox)
Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114.
Scope: local
sid: resolved (fixed in 114.0-1)
debian
CVE-2023-5172 | CRITICAL | CVSS 9.8 | fixed in firefox 118.0-1 (sid) | 2023
CVE-2023-5172 [CRITICAL] (firefox)
A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118.
Scope: local
sid: resolved (fixed in 118.0-1)
debian
CVE-2023-5175 | CRITICAL | CVSS 9.8 | fixed in firefox 118.0-1 (sid) | 2023
CVE-2023-5175 [CRITICAL] (firefox)
During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118.
Scope: local
sid: resolved (fixed in 118.0-1)
debian