Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown
CRITICAL: 333, HIGH: 633, MEDIUM: 542, LOW: 302
Vulnerabilities
Page 28 of 91
CVE-2023-28161 | HIGH | CVSS 8.8 | fixed in firefox 111.0-1 (sid) | 2023
If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111.
debian
CVE-2023-4583 | HIGH | CVSS 7.5 | fixed in firefox 117.0-1 (sid) | 2023
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Scope: local
sid: resolved (
debian
CVE-2023-29543 | HIGH | CVSS 8.8 | fixed in firefox 112.0-1 (sid) | 2023
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Scope: local
sid: resolved (fixed in 112.0-1)
debian
CVE-2023-32213 | HIGH | CVSS 8.8 | fixed in firefox 113.0-1 (sid) | 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Scope: local
sid: resolved (fixed in 113.0-1)
debian
CVE-2023-25733 | HIGH | CVSS 7.5 | fixed in firefox 110.0-1 (sid) | 2023
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified, which could have potentially led to a null pointer dereference. This vulnerability affects Firefox < 110.
Scope: local
sid: resolved (fixed in 110.0-1)
debian
CVE-2023-6859 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2023-28177 | HIGH | CVSS 8.8 | fixed in firefox 111.0-1 (sid) | 2023
Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111.
Scope: local
sid: resolved (fixed in 111.0-1)
debian
CVE-2023-4048 | HIGH | CVSS 7.5 | fixed in firefox 116.0-1 (sid) | 2023
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Scope: local
sid: resolved (fixed in 116.0-1)
debian
CVE-2023-28162 | HIGH | CVSS 8.8 | fixed in firefox 111.0-1 (sid) | 2023
While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Scope: local
sid: resolved (fixed in 111.0-1)
debian
CVE-2023-29539 | HIGH | CVSS 8.8 | fixed in firefox 112.0-1 (sid) | 2023
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, an
debian
CVE-2023-23606 | HIGH | CVSS 8.8 | fixed in firefox 109.0-1 (sid) | 2023
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109.
Scope: local
sid: resolved (fixed in 109.0-1)
debian
CVE-2023-25737 | HIGH | CVSS 8.8 | fixed in firefox 110.0-1 (sid) | 2023
An invalid downcast from `nsTextNode` to `SVGElement` could have led to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Scope: local
sid: resolved (fixed in 110.0-1)
debian
CVE-2023-37208 | HIGH | CVSS 7.8 | fixed in firefox 115.0-1 (sid) | 2023
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Scope: local
sid: resolved (fixed in 115.0-1)
debian
CVE-2023-6213 | HIGH | CVSS 8.8 | fixed in firefox 120.0-1 (sid) | 2023
Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.
Scope: local
sid: resolved (fixed in 120.0-1)
debian
CVE-2023-5724 | HIGH | CVSS 7.5 | fixed in firefox 119.0-1 (sid) | 2023
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Scope: local
sid: resolved (fixed in 119.0-1)
debian
CVE-2023-5728 | HIGH | CVSS 7.5 | fixed in firefox 119.0-1 (sid) | 2023
During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Scope: local
sid: resolved (fixed in 119.0-1)
debian
CVE-2023-6208 | HIGH | CVSS 8.8 | fixed in firefox 120.0-1 (sid) | 2023
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local
sid: resolved (fixed in 120.0-1)
debian
CVE-2023-4051 | HIGH | CVSS 7.5 | fixed in firefox 116.0-1 (sid) | 2023
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
Scope: local
sid: resolved (fixed in 116.0-1)
debian
CVE-2023-6863 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2023-6864 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Scope: local
sid: resolved (fixed in 12
debian