Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302
Vulnerabilities
Page 46 of 91
CVE-2021-23983 | MEDIUM | CVSS 6.5 | fixed in firefox 87.0-1 (sid) | 2021
By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87.
Scope: local
sid: resolved (fixed in 87.0-1)
debian
CVE-2021-38509 | MEDIUM | CVSS 4.3 | fixed in firefox 94.0-1 (sid) | 2021
Due to an unusual sequence of attacker-controlled events, a JavaScript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
Scope: local
sid: resolved (fixed in 94.0-1)
debian
CVE-2021-43533 | MEDIUM | CVSS 4.3 | fixed in firefox 94.0-1 (sid) | 2021
When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94.
Scope: local
sid: resolved (fixed in 94.0-1)
debian
CVE-2021-23998 | MEDIUM | CVSS 6.5 | fixed in firefox 88.0-1 (sid) | 2021
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
debian
CVE-2021-29955 | MEDIUM | CVSS 5.3 | fixed in firefox 87.0-1 (sid) | 2021
A transient execution vulnerability named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.) This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.
Scope: local
sid: reso
debian
CVE-2021-43536 | MEDIUM | CVSS 6.5 | fixed in firefox 95.0-1 (sid) | 2021
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
Scope: local
sid: resolved (fixed in 95.0-1)
debian
CVE-2021-23958 | MEDIUM | CVSS 6.5 | fixed in firefox 85.0-1 (sid) | 2021
The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.
Scope: local
sid: resolved (fixed in 85.0-1)
debian
CVE-2021-24001 | MEDIUM | CVSS 4.3 | fixed in firefox 88.0-1 (sid) | 2021
A compromised content process could have performed session history manipulations it should not have been able to, due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
debian
CVE-2021-23956 | MEDIUM | CVSS 6.5 | fixed in firefox 85.0-1 (sid) | 2021
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.
Scope: local
sid: resolved (fixed in 85.0-1)
debian
CVE-2021-43545 | MEDIUM | CVSS 6.5 | fixed in firefox 95.0-1 (sid) | 2021
Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
Scope: local
sid: resolved (fixed in 95.0-1)
debian
CVE-2021-43543 | MEDIUM | CVSS 6.1 | fixed in firefox 95.0-1 (sid) | 2021
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
Scope: local
sid: resolved (fixed in 95.0-1)
debian
CVE-2021-43531 | MEDIUM | CVSS 4.3 | fixed in firefox 94.0-1 (sid) | 2021
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to. This was fixed to provide the pre-redirect URL. This
debian
CVE-2021-23986 | MEDIUM | CVSS 6.5 | fixed in firefox 87.0-1 (sid) | 2021
A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without co
debian
CVE-2021-38491 | MEDIUM | CVSS 6.5 | fixed in firefox 92.0-1 (sid) | 2021
Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.
Scope: local
sid: resolved (fixed in 92.0-1)
debian
CVE-2021-23955 | MEDIUM | CVSS 6.1 | fixed in firefox 85.0-1 (sid) | 2021
The browser could have been confused into transferring a pointer lock state into another tab, which could have led to clickjacking attacks. This vulnerability affects Firefox < 85.
Scope: local
sid: resolved (fixed in 85.0-1)
debian
CVE-2021-29945 | MEDIUM | CVSS 6.5 | fixed in firefox 88.0-1 (sid) | 2021
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
debian
CVE-2021-38508 | MEDIUM | CVSS 4.3 | fixed in firefox 94.0-1 (sid) | 2021
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
Scope: local
sid: res
debian
CVE-2021-23968 | MEDIUM | CVSS 4.3 | fixed in firefox 86.0-1 (sid) | 2021
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report, as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Scope: local
sid: resolv
debian
CVE-2021-43546 | MEDIUM | CVSS 4.3 | fixed in firefox 95.0-1 (sid) | 2021
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
Scope: local
sid: resolved (fixed in 95.0-1)
debian
CVE-2021-23973 | MEDIUM | CVSS 6.5 | fixed in firefox 86.0-1 (sid) | 2021
When trying to load a cross-origin resource in an audio/video context, a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Scope: local
sid: resolved (fixed in 86.0-1)
debian