Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302

Vulnerabilities

Page 37 of 91
CVE-2022-22755 | HIGH | CVSS 8.8 | fixed in firefox 97.0-1 (sid) | 2022
By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97.
Scope: local. sid: resolved (fixed in 97.0-1).
CVE-2022-22761 | HIGH | CVSS 8.8 | fixed in firefox 97.0-1 (sid) | 2022
Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
Scope: local. sid: resolved (fixed in 97.0-1).
CVE-2022-34477 | HIGH | CVSS 7.5 | fixed in firefox 102.0-1 (sid) | 2022
The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however, for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102.
Scope: local. sid: resolved (fixed in 102.0-1).
CVE-2022-46873 | HIGH | CVSS 8.8 | fixed in firefox 108.0-1 (sid) | 2022
Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108.
Scope: local. sid: resolved (fixed in 108.0-1).
CVE-2022-0511 | HIGH | CVSS 8.8 | fixed in firefox 97.0-1 (sid) | 2022
Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera
CVE-2022-42932 | HIGH | CVSS 8.8 | fixed in firefox 106.0-1 (sid) | 2022
Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbi
CVE-2022-46883 | HIGH | CVSS 8.8 | fixed in firefox 107.0-1 (sid) | 2022
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. *Note*: This advisory was added on December 13th, 2022 after
CVE-2022-22764 | HIGH | CVSS 8.8 | fixed in firefox 97.0-1 (sid) | 2022
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR <
CVE-2022-22741 | HIGH | CVSS 7.5 | fixed in firefox 96.0-1 (sid) | 2022
When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local. sid: resolved (fixed in 96.0-1).
CVE-2022-45409 | HIGH | CVSS 8.8 | fixed in firefox 107.0-1 (sid) | 2022
The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Scope: local. sid: resolved (fixed in 107.0-1).
CVE-2022-26387 | HIGH | CVSS 7.5 | fixed in firefox 98.0-1 (sid) | 2022
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
Scope: local. sid: resolved (fixed in 98.0-1).
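The bug class behind CVE-2022-26387 (signature checked against the file on disk, file rewritten while the user looks at the prompt, install reads the path a second time) as an added illustration. This is not Mozilla's or Debian's code: an HMAC over the file stands in for the real add-on signature scheme, `confirm` is a hypothetical prompt callback, and the swap it performs is a constructed attacker action. The hardened variant reads the file once and verifies and installs the same bytes.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Callable, Optional

# Constructed stand-in for the vendor signing key. Real add-on signatures are
# asymmetric (the vendor signs, the browser only holds a public key); the
# verify-then-reread problem is the same either way.
SIGNING_KEY = b"constructed-stand-in-for-the-add-on-signing-key"


def sign(data: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).digest()


def verify(data: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(data), signature)


def install_verify_by_path(path: str, signature: bytes,
                           confirm: Callable[[], bool]) -> Optional[bytes]:
    """The CVE-2022-26387 shape: verify whatever is on disk, prompt the user,
    then read the path again. Anything that rewrites the file while the prompt
    is open gets installed without ever having been verified."""
    with open(path, "rb") as f:
        if not verify(f.read(), signature):
            raise ValueError("signature check failed")
    if not confirm():
        return None
    with open(path, "rb") as f:   # second read: not necessarily the verified bytes
        return f.read()


def install_verify_bytes(path: str, signature: bytes,
                         confirm: Callable[[], bool]) -> Optional[bytes]:
    """Read once, verify those bytes, install exactly those bytes."""
    with open(path, "rb") as f:
        data = f.read()
    if not verify(data, signature):
        raise ValueError("signature check failed")
    if not confirm():
        return None
    return data


def demo():
    """Constructed race: the 'user prompt' callback swaps the file contents."""
    good, evil = b"signed add-on bundle", b"attacker add-on bundle"
    signature = sign(good)
    fd, path = tempfile.mkstemp()
    os.close(fd)

    def write(data: bytes) -> None:
        with open(path, "wb") as f:
            f.write(data)

    def confirm_and_swap() -> bool:
        write(evil)        # happens while the prompt is on screen
        return True

    try:
        write(good)
        racy = install_verify_by_path(path, signature, confirm_and_swap)
        write(good)
        safe = install_verify_bytes(path, signature, confirm_and_swap)
    finally:
        os.unlink(path)
    return racy, safe
```

`demo()` returns the attacker bundle from the by-path variant and the signed bundle from the read-once variant; the only difference between the two functions is that the second never goes back to the filesystem after verifying.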
CVE-2022-34481 | HIGH | CVSS 8.8 | fixed in firefox 102.0-1 (sid) | 2022
In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Scope: local. sid: resolved (fixed in 102.0-1).
CVE-2022-38478 | HIGH | CVSS 8.8 | fixed in firefox 104.0-1 (sid) | 2022
Members of the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR <
CVE-2022-46885 | HIGH | CVSS 8.8 | fixed in firefox 106.0-1 (sid) | 2022
Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106.
Scope: local. sid: resolved (fixed in 106.0-1).
CVE-2022-1529 | HIGH | CVSS 8.8 | Exploited in wild | fixed in firefox 100.0.2-1 (sid) | 2022
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 9
CVE-2022-28289 | HIGH | CVSS 8.8 | fixed in firefox 99.0-1 (sid) | 2022
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunder
CVE-2022-28281 | HIGH | CVSS 8.8 | fixed in firefox 99.0-1 (sid) | 2022
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
Scope: local. sid: resolved (fixed in 99.0-1).
CVE-2022-46874 | HIGH | CVSS 8.8 | fixed in firefox 108.0-1 (sid) | 2022
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially have led to user confusion and the execution of malicious code. *Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting i
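An added illustration of the CVE-2022-46874 failure mode, not Mozilla's or Debian's code: truncating a download name from the end against truncating the stem while keeping the final extension. The 64-character limit and the `aaa…a.exe.pdf` sample name are constructed; real filesystems commonly allow 255 bytes, which only changes how much padding the attacker needs.

```python
import os

MAX_NAME = 64  # constructed limit for the demonstration


def truncate_from_end(filename: str, max_len: int = MAX_NAME) -> str:
    """The vulnerable pattern: chop the tail, losing the real extension.
    With a crafted name the cut lands right after an earlier, attacker-chosen
    extension, so the saved file is opened as that type instead."""
    return filename[:max_len]


def truncate_keep_extension(filename: str, max_len: int = MAX_NAME) -> str:
    """Shorten the stem and keep the final extension the user was shown.

    Refuses names whose extension alone does not fit rather than mangling it,
    and strips trailing dots/spaces from the shortened stem so platform
    normalisation of the name cannot change the effective extension."""
    if len(filename) <= max_len:
        return filename
    stem, ext = os.path.splitext(filename)
    if len(ext) >= max_len:
        raise ValueError(f"extension {ext!r} does not fit in {max_len} characters")
    stem = stem[: max_len - len(ext)].rstrip(". ")
    if not stem:
        raise ValueError("nothing left of the stem after truncation")
    return stem + ext


def demo():
    # Constructed attacker-chosen name: 60 filler characters, then '.exe',
    # then the genuine '.pdf' extension; 68 characters in total.
    crafted = "a" * 60 + ".exe" + ".pdf"
    return truncate_from_end(crafted), truncate_keep_extension(crafted)
```

With the constructed name, the naive variant yields a 64-character name ending in `.exe`, the stem-truncating variant yields one of the same length ending in `.pdf`.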
CVE-2022-22751 | HIGH | CVSS 8.8 | fixed in firefox 96.0-1 (sid) | 2022
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary
CVE-2022-46881 | HIGH | CVSS 8.8 | fixed in firefox 106.0-1 (sid) | 2022
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Th