Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown
CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302
Vulnerabilities
Page 42 of 91
CVE-2022-34469, LOW, CVSS 8.1, 2022
CVE-2022-34469 [HIGH] CVE-2022-34469: firefox - When a TLS Certificate error occurs on a domain protected by the HSTS header, th...
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. *This bug only affects Firefox for Android. Other operating systems are unaffect
debian
CVE-2022-22750, LOW, CVSS 6.5, 2022
CVE-2022-22750 [MEDIUM] CVE-2022-22750: firefox - By generally accepting and passing resource handles across processes, a compromi...
By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to. *This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 96.
debian
CVE-2022-34478, LOW, CVSS 6.5, Exploited, 2022
CVE-2022-34478 [MEDIUM] CVE-2022-34478: firefox - The ms-msdt, search, and search-ms protoc...
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open the
debian
CVE-2022-22746, LOW, CVSS 5.9, 2022
CVE-2022-22746 [MEDIUM] CVE-2022-22746: firefox - A race condition could have allowed bypassing the fullscreen notification which ...
A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local
sid: resolved
debian
CVE-2022-31739, LOW, CVSS 8.8, 2022
CVE-2022-31739 [HIGH] CVE-2022-31739: firefox - When downloading files on Windows, the % character was not escaped, which could ...
When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefo
debian
CVE-2022-36317, LOW, CVSS 6.5, 2022
CVE-2022-36317 [MEDIUM] CVE-2022-36317: firefox - When visiting a website with an overly long URL, the user interface would start ...
When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 103.
Scope: local
sid: resolved
debian
CVE-2021-4140, CRITICAL, CVSS 10.0, fixed in firefox 96.0-1 (sid), 2021
CVE-2021-4140 [CRITICAL] CVE-2021-4140: firefox - It was possible to construct specific XSLT markup that would be able to bypass a...
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local
sid: resolved (fixed in 96.0-1)
debian
CVE-2021-4129, CRITICAL, CVSS 9.8, fixed in firefox 95.0-1 (sid), 2021
CVE-2021-4129 [CRITICAL] CVE-2021-4129: firefox - Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele ...
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability
debian
CVE-2021-32810, CRITICAL, CVSS 9.8, fixed in firefox 93.0-1 (sid), 2021
CVE-2021-32810 [CRITICAL] CVE-2021-32810: firefox - crossbeam-deque is a package of work-stealing deques for building task scheduler...
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double f
debian
CVE-2021-38503, CRITICAL, CVSS 10.0, fixed in firefox 94.0-1 (sid), 2021
CVE-2021-38503 [CRITICAL] CVE-2021-38503: firefox - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowin...
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
Scope: local
sid: resolved (fixed in 94.0-1)
debian
CVE-2021-29989, HIGH, CVSS 8.8, fixed in firefox 91.0-1 (sid), 2021
CVE-2021-29989 [HIGH] CVE-2021-29989: firefox - Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox...
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.
Scope: local
sid: resolved (fix
debian
CVE-2021-23995, HIGH, CVSS 8.8, fixed in firefox 88.0-1 (sid), 2021
CVE-2021-23995 [HIGH] CVE-2021-23995: firefox - When Responsive Design Mode was enabled, it used references to objects that were...
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
debian
CVE-2021-23978, HIGH, CVSS 8.8, fixed in firefox 86.0-1 (sid), 2021
CVE-2021-23978 [HIGH] CVE-2021-23978: firefox - Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox...
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Scope: local
sid: resolved (fixed
debian
CVE-2021-23997, HIGH, CVSS 8.8, fixed in firefox 88.0-1 (sid), 2021
CVE-2021-23997 [HIGH] CVE-2021-23997: firefox - Due to unexpected data type conversions, a use-after-free could have occurred wh...
Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
debian
CVE-2021-38494, HIGH, CVSS 8.8, fixed in firefox 92.0-1 (sid), 2021
CVE-2021-38494 [HIGH] CVE-2021-38494: firefox - Mozilla developers reported memory safety bugs present in Firefox 91. Some of th...
Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92.
Scope: local
sid: resolved (fixed in 92.0-1)
debian
CVE-2021-23999, HIGH, CVSS 8.8, fixed in firefox 88.0-1 (sid), 2021
CVE-2021-23999 [HIGH] CVE-2021-23999: firefox - If a Blob URL was loaded through some unusual user interaction, it could have be...
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
debian
CVE-2021-29972, HIGH, CVSS 8.8, fixed in firefox 90.0-1 (sid), 2021
CVE-2021-29972 [HIGH] CVE-2021-29972: firefox - A use-after-free vulnerability was found via testing, and traced to an out-of-da...
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90.
Scope: local
sid: resolved (fixed in 90.0-1)
debian
CVE-2021-38504, HIGH, CVSS 8.8, fixed in firefox 94.0-1 (sid), 2021
CVE-2021-38504 [HIGH] CVE-2021-38504: firefox - When interacting with an HTML input element's file picker dialog with webkitdire...
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
Scope: local
sid: resolved (fixed in 94.0-1)
debian
CVE-2021-38498, HIGH, CVSS 7.5, fixed in firefox 93.0-1 (sid), 2021
CVE-2021-38498 [HIGH] CVE-2021-38498: firefox - During process shutdown, a document could have caused a use-after-free of a lang...
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Scope: local
sid: resolved (fixed in 93.0-1)
debian
CVE-2021-23965, HIGH, CVSS 8.8, fixed in firefox 85.0-1 (sid), 2021
CVE-2021-23965 [HIGH] CVE-2021-23965: firefox - Mozilla developers reported memory safety bugs present in Firefox 84. Some of th...
Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.
Scope: local
sid: resolved (fixed in 85.0-1)
debian