Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302

Vulnerabilities

Page 33 of 91
CVE-2023-28163 | LOW | CVSS 6.5 | 2023
CVE-2023-28163 [MEDIUM] firefox - When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102
debian
CVE-2023-5758 | LOW | CVSS 6.1 | 2023
CVE-2023-5758 [MEDIUM] firefox - When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119. Scope: local; sid: resolved
debian
CVE-2023-34414 | LOW | CVSS 3.1 | fixed in firefox 114.0-1 (sid) | 2023
CVE-2023-34414 [LOW] firefox - The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the s
debian
CVE-2023-29531 | LOW | CVSS 9.8 | 2023
CVE-2023-29531 [CRITICAL] firefox - An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. Scope: local; sid: resolved
debian
CVE-2023-5726 | LOW | CVSS 4.3 | 2023
CVE-2023-5726 [MEDIUM] firefox - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local; sid: res
debian
CVE-2023-4054 | LOW | CVSS 5.5 | 2023
CVE-2023-4054 [MEDIUM] firefox - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. Scope: local; sid: resolved
debian
CVE-2023-4863 | LOW | CVSS 8.8 | KEV | fixed in chromium 117.0.5938.62-1 (bookworm) | 2023
CVE-2023-4863 [HIGH] chromium - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) Scope: local; bookworm: resolved (fixed in 117.0.5938.62-1); bullseye: resolved (fixed in 117.0.5938.62-1); forky: resolved (fixed in 117.0.5938.62-1)
debian
CVE-2023-5727 | LOW | CVSS 6.5 | 2023
CVE-2023-5727 [MEDIUM] firefox - The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local; sid: re
debian
CVE-2023-25738 | LOW | CVSS 6.5 | 2023
CVE-2023-25738 [MEDIUM] firefox - Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110, Thunderbird < 102.
debian
CVE-2023-29532 | LOW | CVSS 5.5 | 2023
CVE-2023-29532 [MEDIUM] firefox - A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on an SMB server. *Note: This attack requires local system acces
debian
CVE-2023-25748 | LOW | CVSS 4.3 | 2023
CVE-2023-25748 [MEDIUM] firefox - By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 111. Scope: local; sid: resolved
debian
CVE-2023-49060 | LOW | CVSS 9.8 | 2023
CVE-2023-49060 [CRITICAL] firefox - An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. Scope: local; sid: resolved
debian
CVE-2023-29534 | LOW | CVSS 9.1 | 2023
CVE-2023-29534 [CRITICAL] firefox - Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. Scope: local
debian
CVE-2023-23599 | LOW | CVSS 6.5 | 2023
CVE-2023-23599 [MEDIUM] firefox - When copying a network request from the developer tools panel as a curl command, the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7. Scope: local; sid: resolved
debian
CVE-2023-37455 | LOW | CVSS 5.4 | 2023
CVE-2023-37455 [MEDIUM] firefox - The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115. Scope: local; sid: resolved
debian
CVE-2023-49061 | LOW | CVSS 6.1 | 2023
CVE-2023-49061 [MEDIUM] firefox - An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. Scope: local; sid: resolved
debian
CVE-2023-5168 | LOW | CVSS 9.8 | 2023
CVE-2023-5168 [CRITICAL] firefox - A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Scop
debian
CVE-2023-6870 | LOW | CVSS 4.3 | 2023
CVE-2023-6870 [MEDIUM] firefox - Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. Scope: local; sid: resolved
debian
CVE-2023-37456 | LOW | CVSS 6.5 | 2023
CVE-2023-37456 [MEDIUM] firefox - The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115. Scope: local; sid: resolved
debian
CVE-2023-23600 | LOW | CVSS 6.5 | 2023
CVE-2023-23600 [MEDIUM] firefox - Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This led to the possibility of notifications to be displayed during different browsing sessions. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox <
debian