Debian Firefox vulnerabilities

CVE-2023-32212 [MEDIUM] CVE-2023-32212: firefox - An attacker could have positioned a `datalist` element to obscure the address ba... An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Scope: local sid: resolved (fixed in 113.0-1)

CVE-2023-25741 [MEDIUM] CVE-2023-25741: firefox - When dragging and dropping an image cross-origin, the image's size could potenti... When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110. Scope: local sid: resolved (fixed in 110.0-1)

CVE-2023-4575 [MEDIUM] CVE-2023-4575: firefox - When creating a callback over IPC for showing the File Picker window, multiple o... When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Fi

CVE-2023-23597 [MEDIUM] CVE-2023-23597: firefox - A compromised web child process could disable web security opening restrictions,... A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. Scope: local sid: resolved (fixed in 109.0-1)

CVE-2023-4574 [MEDIUM] CVE-2023-4574: firefox - When creating a callback over IPC for showing the Color Picker window, multiple ... When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, F

CVE-2023-6867 [MEDIUM] CVE-2023-6867: firefox - The timing of a button click causing a popup to disappear was approximately the ... The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. Scope: local sid: res

CVE-2023-5169 [MEDIUM] CVE-2023-5169: firefox - A compromised content process could have provided malicious data in a `PathRecor... A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Scope: local sid: resolved (fixed in 118.0-1)

CVE-2023-5723 [MEDIUM] CVE-2023-5723: firefox - An attacker with temporary script access to a site could have set a cookie conta... An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. Scope: local sid: resolved (fixed in 119.0-1)

CVE-2023-6211 [MEDIUM] CVE-2023-6211: firefox - If an attacker needed a user to load an insecure http: page and knew that user h... If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120. Scope: local sid: resolved (fixed in 120.0-1)

CVE-2023-6872 [MEDIUM] CVE-2023-6872: firefox - Browser tab titles were being leaked by GNOME to system logs. This could potenti... Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-6204 [MEDIUM] CVE-2023-6204: firefox - On some systems—depending on the graphics settings and drivers—it was possible t... On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid: resolved (fixed in 120.0-1)

CVE-2023-25750 [MEDIUM] CVE-2023-25750: firefox - Under certain circumstances, a ServiceWorker's offline cache may have leaked to ... Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111. Scope: local sid: resolved (fixed in 111.0-1)

CVE-2023-29544 [MEDIUM] CVE-2023-29544: firefox - If multiple instances of resource exhaustion occurred at the incorrect time, the... If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Scope: local sid: resolved (fixed in 112.0-1)

CVE-2023-29549 [MEDIUM] CVE-2023-29549: firefox - Under certain circumstances, a call to the <code>bind</code> function may have r... Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Scope: local sid: resolved (fixed in 112.0-1)

CVE-2023-6135 [MEDIUM] CVE-2023-6135: firefox - Multiple NSS NIST curves were susceptible to a side-channel attack known as "Min... Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-6857 [MEDIUM] CVE-2023-6857: firefox - When resolving a symlink, a race may occur where the buffer passed to `readlink`... When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)

CVE-2023-6206 [MEDIUM] CVE-2023-6206: firefox - The black fade animation when exiting fullscreen is roughly the length of the an... The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid:

CVE-2023-3482 [MEDIUM] CVE-2023-3482: firefox - When Firefox is configured to block storage of all cookies, it was still possibl... When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-37204 [MEDIUM] CVE-2023-37204: firefox - A website could have obscured the fullscreen notification by using an option ele... A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. Scope: local sid: resolved (fixed in 115.0-1)

CVE-2023-4046 [MEDIUM] CVE-2023-4046: firefox - In some circumstances, a stale value could have been used for a global variable ... In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Scope: local sid: resolved (fixed in 116.0-1)