Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302

Vulnerabilities

Page 30 of 91
CVE-2023-5722 [MEDIUM] CVSS 5.3 | fixed in firefox 119.0-1 (sid) | 2023
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. Scope: local. sid: resolved (fixed in 119.0-1)
CVE-2023-32206 [MEDIUM] CVSS 6.5 | fixed in firefox 113.0-1 (sid) | 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Scope: local. sid: resolved (fixed in 113.0-1)
CVE-2023-28164 [MEDIUM] CVSS 6.5 | fixed in firefox 111.0-1 (sid) | 2023
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Scope: local. sid: resolved (fixed in 111.0-1)
CVE-2023-6860 [MEDIUM] CVSS 6.5 | fixed in firefox 121.0-1 (sid) | 2023
The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local. sid: resolved (fixed in 121.0-1)
CVE-2023-5725 [MEDIUM] CVSS 4.3 | fixed in firefox 119.0-1 (sid) | 2023
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local. sid: resolved (fixed in 119.0-1)
CVE-2023-29533 [MEDIUM] CVSS 4.3 | fixed in firefox 112.0-1 (sid) | 2023
A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird
CVE-2023-32211 [MEDIUM] CVSS 6.5 | fixed in firefox 113.0-1 (sid) | 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Scope: local. sid: resolved (fixed in 113.0-1)
CVE-2023-29548 [MEDIUM] CVSS 6.5 | fixed in firefox 112.0-1 (sid) | 2023
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Scope: local. sid: resolved (fixed in 112.0-1)
CVE-2023-25728 [MEDIUM] CVSS 6.5 | fixed in firefox 110.0-1 (sid) | 2023
The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local. sid: resolved (fixed in 110.0-1)
CVE-2023-4577 [MEDIUM] CVSS 6.5 | fixed in firefox 117.0-1 (sid) | 2023
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local. sid: resolved (fixed in 117.0-1)
CVE-2023-29547 [MEDIUM] CVSS 6.5 | fixed in firefox 112.0-1 (sid) | 2023
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Scope: local
CVE-2023-4581 [MEDIUM] CVSS 4.3 | fixed in firefox 117.0-1 (sid) | 2023
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Scope: local. sid: resolved (fixed in 117.0-1)
CVE-2023-32210 [MEDIUM] CVSS 6.5 | fixed in firefox 113.0-1 (sid) | 2023
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. Scope: local. sid: resolved (fixed in 113.0-1)
CVE-2023-25742 [MEDIUM] CVSS 6.5 | fixed in firefox 110.0-1 (sid) | 2023
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local. sid: resolved (fixed in 110.0-1)
CVE-2023-25752 [MEDIUM] CVSS 6.5 | fixed in firefox 111.0-1 (sid) | 2023
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Scope: local. sid: resolved (fixed in 111.0-1)
CVE-2023-4578 [MEDIUM] CVSS 6.5 | fixed in firefox 117.0-1 (sid) | 2023
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 1
CVE-2023-6871 [MEDIUM] CVSS 4.3 | fixed in firefox 121.0-1 (sid) | 2023
Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121. Scope: local. sid: resolved (fixed in 121.0-1)
CVE-2023-23602 [MEDIUM] CVSS 6.5 | fixed in firefox 109.0-1 (sid) | 2023
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7. Scope: local. sid: resolved (fixed in 109.0-1)
CVE-2023-4049 [MEDIUM] CVSS 5.9 | fixed in firefox 116.0-1 (sid) | 2023
Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Scope: local. sid: resolved (fixed in 116.0-1)
CVE-2023-6865 [MEDIUM] CVSS 6.5 | fixed in firefox 121.0-1 (sid) | 2023
`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. Scope: local. sid: resolved (fixed in 121.0-1)