Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302

Vulnerabilities

Page 39 of 91
CVE-2022-34471 | MEDIUM | CVSS 6.5 | fixed in firefox 102.0-1 (sid) | 2022 | debian
CVE-2022-34471 [MEDIUM]: firefox - When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102. Scope: local. sid: resolved (fixed in 102.0-1).

CVE-2022-22748 | MEDIUM | CVSS 6.5 | fixed in firefox 96.0-1 (sid) | 2022 | debian
CVE-2022-22748 [MEDIUM]: firefox - Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local. sid: resolved (fixed in 96.0-1).

CVE-2022-40959 | MEDIUM | CVSS 6.5 | fixed in firefox 105.0-1 (sid) | 2022 | debian
CVE-2022-40959 [MEDIUM]: firefox - During iframe navigation, certain pages did not have their FeaturePolicy fully initialized, leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local. sid: resolved (fixed in 105.0-1).

CVE-2022-45418 | MEDIUM | CVSS 6.1 | fixed in firefox 107.0-1 (sid) | 2022 | debian
CVE-2022-45418 [MEDIUM]: firefox - If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local. sid: resolved (fixed in 107.0-1).

CVE-2022-28286 | MEDIUM | CVSS 5.4 | fixed in firefox 99.0-1 (sid) | 2022 | debian
CVE-2022-28286 [MEDIUM]: firefox - Due to a layout change, iframe contents could have been rendered outside of the iframe's border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local. sid: resolved (fixed in 99.0-1).

CVE-2022-29915 | MEDIUM | CVSS 4.3 | fixed in firefox 100.0-1 (sid) | 2022 | debian
CVE-2022-29915 [MEDIUM]: firefox - The Performance API did not properly hide whether a request for a cross-origin resource had observed redirects. This vulnerability affects Firefox < 100. Scope: local. sid: resolved (fixed in 100.0-1).

CVE-2022-29911 | MEDIUM | CVSS 6.1 | fixed in firefox 100.0-1 (sid) | 2022 | debian
CVE-2022-29911 [MEDIUM]: firefox - An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Scope: local. sid: resolved (fixed in 100.0-1).

CVE-2022-26383 | MEDIUM | CVSS 4.3 | fixed in firefox 98.0-1 (sid) | 2022 | debian
CVE-2022-26383 [MEDIUM]: firefox - When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Scope: local. sid: resolved (fixed in 98.0-1).

CVE-2022-34475 | MEDIUM | CVSS 6.1 | fixed in firefox 102.0-1 (sid) | 2022 | debian
CVE-2022-34475 [MEDIUM]: firefox - SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox < 102. Scope: local. sid: resolved (fixed in 102.0-1).

CVE-2022-42929 | MEDIUM | CVSS 6.5 | fixed in firefox 106.0-1 (sid) | 2022 | debian
CVE-2022-42929 [MEDIUM]: firefox - If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Scope: local. sid: resolved (fixed in 106.0-1).

CVE-2022-40956 | MEDIUM | CVSS 6.1 | fixed in firefox 105.0-1 (sid) | 2022 | debian
CVE-2022-40956 [MEDIUM]: firefox - When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local. sid: resolved (fixed in 105.0-1).

CVE-2022-29912 | MEDIUM | CVSS 6.1 | fixed in firefox 100.0-1 (sid) | 2022 | debian
CVE-2022-29912 [MEDIUM]: firefox - Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Scope: local. sid: resolved (fixed in 100.0-1).

CVE-2022-22743 | MEDIUM | CVSS 4.3 | fixed in firefox 96.0-1 (sid) | 2022 | debian
CVE-2022-22743 [MEDIUM]: firefox - When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local. sid: resolved (fixed in 96.0-1).

CVE-2022-45419 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022 | debian
CVE-2022-45419 [MEDIUM]: firefox - If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability affects Firefox < 107. Scope: local. sid: resolved (fixed in 107.0-1).

CVE-2022-26385 | MEDIUM | CVSS 6.5 | fixed in firefox 98.0-1 (sid) | 2022 | debian
CVE-2022-26385 [MEDIUM]: firefox - In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98. Scope: local. sid: resolved (fixed in 98.0-1).

CVE-2022-28287 | MEDIUM | CVSS 6.5 | fixed in firefox 99.0-1 (sid) | 2022 | debian
CVE-2022-28287 [MEDIUM]: firefox - In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. Scope: local. sid: resolved (fixed in 99.0-1).

CVE-2022-31738 | MEDIUM | CVSS 6.5 | fixed in firefox 101.0-1 (sid) | 2022 | debian
CVE-2022-31738 [MEDIUM]: firefox - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope: local. sid: resolved (fixed in 101.0-1).

CVE-2022-45403 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022 | debian
CVE-2022-45403 [MEDIUM]: firefox - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local. sid: resolved (fixed in 107.0-1).

CVE-2022-45416 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022 | debian
CVE-2022-45416 [MEDIUM]: firefox - Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local. sid: resolved (fixed in 107.0-1).

CVE-2022-31742 | MEDIUM | CVSS 6.5 | fixed in firefox 101.0-1 (sid) | 2022 | debian
CVE-2022-31742 [MEDIUM]: firefox - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope
