Debian Firefox vulnerabilities

CVE-2023-32214 [HIGH] CVE-2023-32214: firefox - Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigge... Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Scope: local sid: resolved

CVE-2023-29542 [CRITICAL] CVE-2023-29542: firefox - A newline in a filename could have been used to bypass the file extension securi... A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability af

CVE-2023-25734 [HIGH] CVE-2023-25734: firefox - After downloading a Windows <code>.url</code> shortcut from the local filesystem... After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firef

CVE-2023-25747 [HIGH] CVE-2023-25747: firefox - A potential use-after-free in libaudio was fixed by disabling the AAudio backend... A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0. Scope: local sid: resolved

CVE-2023-29546 [MEDIUM] CVE-2023-29546: firefox - When recording the screen while in Private Browsing on Firefox for Android the a... When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. Scope: local sid: resolved

CVE-2023-25743 [HIGH] CVE-2023-25743: firefox - A lack of in app notification for entering fullscreen mode could have lead to a ... A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Scope: local sid: resolved

CVE-2023-4052 [MEDIUM] CVE-2023-4052: firefox - The Firefox updater created a directory writable by non-privileged users. When u... The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This

CVE-2023-25740 [HIGH] CVE-2023-25740: firefox - After downloading a Windows <code>.scf</code> script from the local filesystem, ... After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefo

CVE-2023-28159 [MEDIUM] CVE-2023-28159: firefox - The fullscreen notification could have been hidden on Firefox for Android by usi... The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111. Scope: local sid: resolved

CVE-2023-29545 [MEDIUM] CVE-2023-29545: firefox - Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested fil... Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.1

CVE-2023-4582 [HIGH] CVE-2023-4582: firefox - Due to large allocation checks in Angle for glsl shaders being too lenient a buf... Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local sid: resolved

CVE-2023-4576 [HIGH] CVE-2023-4576: firefox - On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` w... On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thund

CVE-2022-26384 [CRITICAL] CVE-2022-26384: firefox - If an attacker could control the contents of an iframe sandboxed with <code>allo... If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Scope: local sid: resolved (fixed in 98.0-1)

CVE-2022-26486 [CRITICAL] CVE-2022-26486: firefox - An unexpected message in the WebGPU IPC framework could lead to a use-after-free... An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-31736 [CRITICAL] CVE-2022-31736: firefox - A malicious website could have learned the size of a cross-origin resource that ... A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope: local sid: resolved (fixed in 101.0-1)

CVE-2022-34476 [CRITICAL] CVE-2022-34476: firefox - ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have re... ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102. Scope: local sid: resolved (fixed in 102.0-1)

CVE-2022-46882 [CRITICAL] CVE-2022-46882: firefox - A use-after-free in WebGL extensions could have led to a potentially exploitable... A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. Scope: local sid: resolved (fixed in 107.0-1)

CVE-2022-31747 [CRITICAL] CVE-2022-31747: firefox - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing... Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10,

CVE-2022-31748 [CRITICAL] CVE-2022-31748: firefox - Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard,... Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101. Sc

CVE-2022-45406 [CRITICAL] CVE-2022-45406: firefox - If an out-of-memory condition occurred when creating a JavaScript global, a Java... If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed in 107.0-