Debian Firefox vulnerabilities

CVE-2021-43538 [MEDIUM] CVE-2021-43538: firefox - By misusing a race in our notification code, an attacker could have forcefully h... By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local sid: resolved (fixed in 95.0-1)

CVE-2021-29960 [MEDIUM] CVE-2021-29960: firefox - Firefox used to cache the last filename used for printing a file. When generatin... Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89. Scope: local sid: resolved

CVE-2021-38506 [MEDIUM] CVE-2021-38506: firefox - Through a series of navigations, Firefox could have entered fullscreen mode with... Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Scope: local sid: resolved (fixed in 94.0-1)

CVE-2021-23974 [MEDIUM] CVE-2021-23974: firefox - The DOMParser API did not properly process '<noscript>' elements for escaping. T... The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. Scope: local sid: resolved (fixed in 86.0-1)

CVE-2021-29982 [MEDIUM] CVE-2021-29982: firefox - Due to incorrect JIT optimization, we incorrectly interpreted data from the wron... Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. Scope: local sid: resolved (fixed in 91.0-1)

CVE-2021-23996 [MEDIUM] CVE-2021-23996: firefox - By utilizing 3D CSS in conjunction with Javascript, content could have been rend... By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88. Scope: local sid: resolved (fixed in 88.0-1)

CVE-2021-29975 [MEDIUM] CVE-2021-29975: firefox - Through a series of DOM manipulations, a message, over which the attacker had co... Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90. Scope: local sid: resolved (fixed in 90.0-1)

CVE-2021-43541 [MEDIUM] CVE-2021-43541: firefox - When invoking protocol handlers for external protocols, a supplied parameter URL... When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local sid: resolved (fixed in 95.0-1)

CVE-2021-23982 [MEDIUM] CVE-2021-23982: firefox - Using techniques that built on the slipstream research, a malicious webpage coul... Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Scope: local sid: resolved (fixed in 87.0-1)

CVE-2021-43530 [MEDIUM] CVE-2021-43530: firefox - A Universal XSS vulnerability was present in Firefox for Android resulting from ... A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94. Scope: local sid: resolved (fixed in 94.0-1)

CVE-2021-23984 [MEDIUM] CVE-2021-23984: firefox - A malicious extension could have opened a popup window lacking an address bar. T... A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird

CVE-2021-29961 [MEDIUM] CVE-2021-29961: firefox - When styling and rendering an oversized `<select>` element, Firefox did not appl... When styling and rendering an oversized `` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. Scope: local sid: resolved (fixed in 89.0-1)

CVE-2021-29974 [MEDIUM] CVE-2021-29974: firefox - When network partitioning was enabled, e.g. as a result of Enhanced Tracking Pro... When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to

CVE-2021-43542 [MEDIUM] CVE-2021-43542: firefox - Using XMLHttpRequest, an attacker could have identified installed applications b... Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local sid: resolved (fixed in 95.0-1)

CVE-2021-23970 [MEDIUM] CVE-2021-23970: firefox - Context-specific code was included in a shared jump table; resulting in assertio... Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. Scope: local sid: resolved (fixed in 86.0-1)

CVE-2021-43540 [MEDIUM] CVE-2021-43540: firefox - WebExtensions with the correct permissions were able to create and install Servi... WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95. Scope: local sid: resolved (fixed in 95.0-1)

CVE-2021-38507 [MEDIUM] CVE-2021-38507: firefox - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to ... The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a n

CVE-2021-23969 [MEDIUM] CVE-2021-23969: firefox - As specified in the W3C Content Security Policy draft, when creating a violation... As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source f

CVE-2021-23975 [MEDIUM] CVE-2021-23975: firefox - The developer page about:memory has a Measure function for exploring what object... The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86. Scope: local sid: resolved (fixed in 86.0-1)

CVE-2021-43532 [MEDIUM] CVE-2021-43532: firefox - The 'Copy Image Link' context menu action would copy the final image URL after r... The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to takeover a user account. If a website tri