Debian Firefox vulnerabilities

CVE-2023-32209 [HIGH] CVE-2023-32209: firefox - A maliciously crafted favicon could have led to an out of memory crash. This vul... A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. Scope: local sid: resolved (fixed in 113.0-1)

CVE-2023-4584 [HIGH] CVE-2023-4584: firefox - Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1... Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Th

CVE-2023-25731 [HIGH] CVE-2023-25731: firefox - Due to URL previews in the network panel of developer tools improperly storing U... Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-4585 [HIGH] CVE-2023-4585: firefox - Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 11... Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local sid: resolved (fixed in 11

CVE-2023-37201 [HIGH] CVE-2023-37201: firefox - An attacker could have triggered a use-after-free condition when creating a WebR... An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-37209 [HIGH] CVE-2023-37209: firefox - A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSe... A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-5721 [MEDIUM] CVE-2023-5721: firefox - It was possible for certain browser prompts and dialogs to be activated or dismi... It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local sid: resolved (fixed in 119.0-1)

CVE-2023-37210 [MEDIUM] CVE-2023-37210: firefox - A website could prevent a user from exiting full-screen mode via alert and promp... A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-29538 [MEDIUM] CVE-2023-29538: firefox - Under specific circumstances a WebExtension may have received a <code>jar:file:/... Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Scope: local sid: resolved (fixed in 112.0-1)

CVE-2023-5171 [MEDIUM] CVE-2023-5171: firefox - During Ion compilation, a Garbage Collection could have resulted in a use-after-... During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Scope: local sid: resolved (fixed in 118.0-1)

CVE-2023-6210 [MEDIUM] CVE-2023-6210: firefox - When an https: web page created a pop-up from a "javascript:" URL, that pop-up w... When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120. Scope: local sid: resolved (fixed in 120.0-1)

CVE-2023-25751 [MEDIUM] CVE-2023-25751: firefox - Sometimes, when invalidating JIT code while following an iterator, the newly gen... Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Scope: local sid: resolved (fixed in 111.0-1)

CVE-2023-4580 [MEDIUM] CVE-2023-4580: firefox - Push notifications stored on disk in private browsing mode were not being encryp... Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local sid: resolved (fixed in 117.0-1)

CVE-2023-29535 [MEDIUM] CVE-2023-29535: firefox - Following a Garbage Collector compaction, weak maps may have been accessed befor... Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Scope: local sid: resolved (fixed in 112.0

CVE-2023-1999 [MEDIUM] CVE-2023-1999: firefox - There exists a use after free/double free in libwebp. An attacker can use the Ap... There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Scope: local s

CVE-2023-25730 [MEDIUM] CVE-2023-25730: firefox - A background script invoking <code>requestFullscreen</code> and then blocking th... A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-37206 [MEDIUM] CVE-2023-37206: firefox - Uploading files which contain symlinks may have allowed an attacker to trick a u... Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-28160 [MEDIUM] CVE-2023-28160: firefox - When following a redirect to a publicly accessible web extension file, the URL m... When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111. Scope: local sid: resolved (fixed in 111.0-1)

CVE-2023-6209 [MEDIUM] CVE-2023-6209: firefox - Relative URLs starting with three slashes were incorrectly parsed, and a path-tr... Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid: resolved (fixed in 120.0-1)

CVE-2023-5729 [MEDIUM] CVE-2023-5729: firefox - A malicious web site can enter fullscreen mode while simultaneously triggering a... A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. Scope: local sid: resolved (fixed in 119.0-1)