Debian Firefox vulnerabilities

CVE-2023-23605 [HIGH] CVE-2023-23605: firefox - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs pres... Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.

CVE-2023-6856 [HIGH] CVE-2023-6856: firefox - The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overfl... The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-37203 [HIGH] CVE-2023-37203: firefox - Insufficient validation in the Drag and Drop API in conjunction with social engi... Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-6858 [HIGH] CVE-2023-6858: firefox - Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to ins... Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-29550 [HIGH] CVE-2023-29550: firefox - Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these b... Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Sco

CVE-2023-0767 [HIGH] CVE-2023-0767: firefox - An attacker could construct a PKCS 12 cert bundle in such a way that could allow... An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-5173 [HIGH] CVE-2023-5173: firefox - In a non-standard configuration of Firefox, an integer overflow could have occur... In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.*

CVE-2023-5170 [HIGH] CVE-2023-5170: firefox - In canvas rendering, a compromised content process could have caused a surface t... In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118. Scope: local sid: resolved (fixed in 118.0-1)

CVE-2023-25739 [HIGH] CVE-2023-25739: firefox - Module load requests that failed were not being checked as to whether or not the... Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-4055 [HIGH] CVE-2023-4055: firefox - When the number of cookies per domain was exceeded in `document.cookie`, the act... When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Scope: local sid: resolved (fixed in 116.0

CVE-2023-29537 [HIGH] CVE-2023-29537: firefox - Multiple race conditions in the font initialization could have led to memory cor... Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Scope: local sid: resolved (fixed in 112.0-1)

CVE-2023-25745 [HIGH] CVE-2023-25745: firefox - Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of... Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-25732 [HIGH] CVE-2023-25732: firefox - When encoding data from an <code>inputStream</code> in <code>xpcom</code> the si... When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-29536 [HIGH] CVE-2023-29536: firefox - An attacker could cause the memory manager to incorrectly free a pointer that ad... An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Scope: local sid: resolved (

CVE-2023-6873 [HIGH] CVE-2023-6873: firefox - Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of... Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-25735 [HIGH] CVE-2023-25735: firefox - Cross-compartment wrappers wrapping a scripted proxy could have caused objects f... Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-29551 [HIGH] CVE-2023-29551: firefox - Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of... Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Scope: local sid: resolved (fixed in 112.0-1)

CVE-2023-37202 [HIGH] CVE-2023-37202: firefox - Cross-compartment wrappers wrapping a scripted proxy could have caused objects f... Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-25729 [HIGH] CVE-2023-25729: firefox - Permission prompts for opening external schemes were only shown for <code>Conten... Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbir

CVE-2023-37212 [HIGH] CVE-2023-37212: firefox - Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of... Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115. Scope: local sid: resolved (fixed in 115.0-1)