Debian Firefox vulnerabilities

CVE-2022-34473 [MEDIUM] CVE-2022-34473: firefox - The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG ... The HTML Sanitizer should have sanitized the href attribute of SVG tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox < 102. Scope: local sid: resolved (fixed in 102.0-1)

CVE-2022-22757 [MEDIUM] CVE-2022-22757: firefox - Remote Agent, used in WebDriver, did not validate the Host or Origin headers. Th... Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. *This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox < 97. Scope: local sid: resolved (fixed in 97.0-1)

CVE-2022-28282 [MEDIUM] CVE-2022-28282: firefox - By using a link with <code>rel="localization"</code> a use-after-free could have... By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-45404 [MEDIUM] CVE-2022-45404: firefox - Through a series of popup and <code>window.print()</code> calls, an attacker can... Through a series of popup and window.print() calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed in 107.0-1)

CVE-2022-38472 [MEDIUM] CVE-2022-38472: firefox - An attacker could have abused XSLT error handling to associate attacker-controll... An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Fir

CVE-2022-22760 [MEDIUM] CVE-2022-22760: firefox - When importing resources using Web Workers, error messages would distinguish the... When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Scope: local sid: resolved (fixed in 97.0-1)

CVE-2022-3266 [MEDIUM] CVE-2022-3266: firefox - An out-of-bounds read can occur when decoding H264 video. This results in a pote... An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local sid: resolved (fixed in 105.0-1)

CVE-2022-45420 [MEDIUM] CVE-2022-45420: firefox - Use tables inside of an iframe, an attacker could have caused iframe contents to... Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed in 107.0-1)

CVE-2022-45408 [MEDIUM] CVE-2022-45408: firefox - Through a series of popups that reuse windowName, an attacker can cause a window... Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed in 107.0-1)

CVE-2022-26382 [MEDIUM] CVE-2022-26382: firefox - While the text displayed in Autofill tooltips cannot be directly read by JavaScr... While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox < 98. Scope: local sid: resolved (fixed in 98.0-1)

CVE-2022-22739 [MEDIUM] CVE-2022-22739: firefox - Malicious websites could have tricked users into accepting launching a program t... Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local sid: resolved (fixed in 96.0-1)

CVE-2022-46880 [MEDIUM] CVE-2022-46880: firefox - A missing check related to tex units could have led to a use-after-free and pote... A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6. Scop

CVE-2022-29916 [MEDIUM] CVE-2022-29916: firefox - Firefox behaved slightly differently for already known resources when loading CS... Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Scope: local sid: resolved (fixed in 100.0-1)

CVE-2022-34472 [MEDIUM] CVE-2022-34472: firefox - If there was a PAC URL set and the server that hosts the PAC was not reachable, ... If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Scope: local sid: resolved (fixed in 102.0-1)

CVE-2022-31743 [MEDIUM] CVE-2022-31743: firefox - Firefox's HTML parser did not correctly interpret HTML comment tags, resulting i... Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101. Scope: local sid: resolved (fixed in 101.0-1)

CVE-2022-22754 [MEDIUM] CVE-2022-22754: firefox - If a user installed an extension of a particular type, the extension could have ... If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Scope: local sid: resolved (fixed in 97.0-1)

CVE-2022-40960 [MEDIUM] CVE-2022-40960: firefox - Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This c... Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local sid: resolved (fixed in 105.0-1)

CVE-2022-40958 [MEDIUM] CVE-2022-40958: firefox - By injecting a cookie with certain special characters, an attacker on a shared s... By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local sid: resolved (fixed in 105.0-1)

CVE-2022-38475 [MEDIUM] CVE-2022-38475: firefox - An attacker could have written a value to the first element in a zero-length Jav... An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104. Scope: local sid: resolved (fixed in 104.0-1)

CVE-2022-34474 [MEDIUM] CVE-2022-34474: firefox - Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activa... Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. Scope: local sid: resolved (fixed in 102.0-1)