Debian Firefox vulnerabilities

CVE-2022-22752 [HIGH] CVE-2022-22752: firefox - Mozilla developers Christian Holler and Jason Kratzer reported memory safety bug... Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 96. Scope: local sid: resolved (fixed in 96.0-1)

CVE-2022-26485 [HIGH] CVE-2022-26485: firefox - Removing an XSLT parameter during processing could have lead to an exploitable u... Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-2200 [HIGH] CVE-2022-2200: firefox - If an object prototype was corrupted by an attacker, they would have been able t... If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Scope: local sid: resolved (fixed in 102.0-1)

CVE-2022-22737 [HIGH] CVE-2022-22737: firefox - Constructing audio sinks could have lead to a race condition when playing audio ... Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local sid: resolved (fixed in 96.0-1)

CVE-2022-22756 [HIGH] CVE-2022-22756: firefox - If a user was convinced to drag and drop an image to their desktop or other fold... If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Scope: local sid: resolved (fixed in 97.0-1)

CVE-2022-31740 [HIGH] CVE-2022-31740: firefox - On arm64, WASM code could have resulted in incorrect assembly generation leading... On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope: local sid: resolved (fixed in 101.0-1)

CVE-2022-1097 [MEDIUM] CVE-2022-1097: firefox - <code>NSSToken</code> objects were referenced via direct points, and could have ... NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-31745 [MEDIUM] CVE-2022-31745: firefox - If array shift operations are not used, the Garbage Collector may have become co... If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. Scope: local sid: resolved (fixed in 101.0-1)

CVE-2022-28285 [MEDIUM] CVE-2022-28285: firefox - When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, a... When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-40957 [MEDIUM] CVE-2022-40957: firefox - Inconsistent data in instruction and data cache when creating wasm code could le... Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local sid: resolved (fixed in 105.0-1)

CVE-2022-22742 [MEDIUM] CVE-2022-22742: firefox - When inserting text while in edit mode, some characters might have lead to out-o... When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local sid: resolved (fixed in 96.0-1)

CVE-2022-45411 [MEDIUM] CVE-2022-45411: firefox - Cross-Site Tracing occurs when a server will echo a request back via the Trace m... Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequest; however some webservers have implemented non-standard headers

CVE-2022-36315 [MEDIUM] CVE-2022-36315: firefox - When loading a script with Subresource Integrity, attackers with an injection ca... When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103. Scope: local sid: resolved (fixed in 103.0-1)

CVE-2022-22745 [MEDIUM] CVE-2022-22745: firefox - Securitypolicyviolation events could have leaked cross-origin information for fr... Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local sid: resolved (fixed in 96.0-1)

CVE-2022-34479 [MEDIUM] CVE-2022-34479: firefox - A malicious website that could create a popup could have resized the popup to ov... A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbi

CVE-2022-45417 [MEDIUM] CVE-2022-45417: firefox - Service Workers did not detect Private Browsing Mode correctly in all cases, whi... Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.

CVE-2022-36316 [MEDIUM] CVE-2022-36316: firefox - When using the Performance API, an attacker was able to notice subtle difference... When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. Scope: local sid: resolved (fixed in 103.0-1)

CVE-2022-31744 [MEDIUM] CVE-2022-31744: firefox - An attacker could have injected CSS into stylesheets accessible via internal URI... An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101. Scope: local sid: resolved (fixed in 101.0-1)

CVE-2022-45410 [MEDIUM] CVE-2022-45410: firefox - When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the ori... When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resol

CVE-2022-45405 [MEDIUM] CVE-2022-45405: firefox - Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creat... Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed in 107.0-1)