Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302
Vulnerabilities
CVE-2023-34415 | MEDIUM | CVSS 6.1 | fixed in firefox 114.0-1 (sid) | 2023
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data:
debian
CVE-2023-23598 | MEDIUM | CVSS 6.5 | fixed in firefox 109.0-1 (sid) | 2023
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged, a website could arbitrarily read a file via a call to `DataTransfer.setData`. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
Scope: local
sid: resolved (fixed in 109.0-1)
debian
CVE-2023-37207 | MEDIUM | CVSS 6.5 | fixed in firefox 115.0-1 (sid) | 2023
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Scope: local
sid: resolved (fixed in 115.0-1)
debian
CVE-2023-23604 | MEDIUM | CVSS 6.5 | fixed in firefox 109.0-1 (sid) | 2023
A duplicate `SystemPrincipal` object could be created when parsing a non-system HTML document via `DOMParser::ParseFromSafeString`. This could have led to bypassing web security checks. This vulnerability affects Firefox < 109.
Scope: local
sid: resolved (fixed in 109.0-1)
debian
CVE-2023-4053 | MEDIUM | CVSS 6.5 | fixed in firefox 116.0-1 (sid) | 2023
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
Scope: local
sid: resolved (fixed in 116.0-1)
debian
CVE-2023-32208 | MEDIUM | CVSS 5.3 | fixed in firefox 113.0-1 (sid) | 2023
Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113.
Scope: local
sid: resolved (fixed in 113.0-1)
debian
CVE-2023-32205 | MEDIUM | CVSS 4.3 | fixed in firefox 113.0-1 (sid) | 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Scope: local
sid: resolved (fixed in 113.0-1)
debian
CVE-2023-4045 | MEDIUM | CVSS 5.3 | fixed in firefox 116.0-1 (sid) | 2023
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Scope: local
sid: resolved (fixed in 116.0-1)
debian
CVE-2023-37205 | MEDIUM | CVSS 6.5 | fixed in firefox 115.0-1 (sid) | 2023
The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.
Scope: local
sid: resolved (fixed in 115.0-1)
debian
CVE-2023-4573 | MEDIUM | CVSS 6.5 | fixed in firefox 117.0-1 (sid) | 2023
When receiving rendering data over IPC, `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Scope: local
sid: resolved (fixed in 117.0-1)
debian
CVE-2023-5388 | MEDIUM | CVSS 6.5 | fixed in firefox 124.0-1 (sid) | 2023
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Scope: local
sid: resolved (fixed in 124.0-1)
debian
CVE-2023-29540 | MEDIUM | CVSS 6.1 | fixed in firefox 112.0-1 (sid) | 2023
Using a redirect embedded into `sourceMappingUrls` could allow for navigation to external protocol links in sandboxed iframes without `allow-top-navigation-to-custom-protocols`. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Scope: local
sid: resolved (fixed in 112.0-1)
debian
CVE-2023-23603 | MEDIUM | CVSS 6.5 | fixed in firefox 109.0-1 (sid) | 2023
Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
Scope: local
sid: resolved (fixed in 109.0-1)
debian
CVE-2023-6205 | MEDIUM | CVSS 6.5 | fixed in firefox 120.0-1 (sid) | 2023
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local
sid: resolved (fixed in 120.0-1)
debian
CVE-2023-6869 | MEDIUM | CVSS 6.5 | fixed in firefox 121.0-1 (sid) | 2023
A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2023-23601 | MEDIUM | CVSS 6.5 | fixed in firefox 109.0-1 (sid) | 2023
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab, which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
Scope: local
sid: resolved (fixed in 109.0-1)
debian
CVE-2023-5174 | LOW | CVSS 9.8 | 2023
CVE-2023-5174 [CRITICAL] CVE-2023-5174: firefox - If Windows failed to duplicate a handle during process creation, the sandbox cod...
If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affe
debian
CVE-2023-6868 | LOW | CVSS 4.3 | 2023
CVE-2023-6868 [MEDIUM] CVE-2023-6868: firefox - In some instances, the user-agent would allow push requests which lacked a valid...
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.
Scope: local
sid: resolved
debian
CVE-2023-25749 | LOW | CVSS 4.3 | 2023
CVE-2023-25749 [MEDIUM] CVE-2023-25749: firefox - Android applications with unpatched vulnerabilities can be launched from a brows...
Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox <
debian
CVE-2023-4579 | LOW | CVSS 3.1 | fixed in firefox 117.0-1 (sid) | 2023
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well-formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.
Scope: local
sid: resolved (fixed in 117.0-1)
debian