Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,810
CISA KEV (actively exploited): 11
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302

Vulnerabilities

Page 48 of 91
CVE-2021-23959 LOW CVSS 6.1 2021
[MEDIUM] firefox - An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. Scope: local sid: resolved
debian
CVE-2021-38510 LOW CVSS 8.8 2021
[HIGH] firefox - The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Scope: local sid: resolved
debian
CVE-2021-29953 LOW CVSS 6.1 2021
[MEDIUM] firefox - A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an op
debian
CVE-2021-29965 LOW CVSS 5.3 2021
[MEDIUM] firefox - A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 89. Scope: local sid:
debian
CVE-2021-29962 LOW CVSS 4.3 2021
[MEDIUM] firefox - Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 89. Scope: local sid: resolved
debian
CVE-2021-29963 LOW CVSS 4.3 2021
[MEDIUM] firefox - Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 89. Scope: local sid: resolved
debian
CVE-2021-38505 LOW CVSS 6.5 2021
[MEDIUM] firefox - Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and
debian
CVE-2021-29993 LOW CVSS 8.1 2021
[HIGH] firefox - Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 92. Scope: local sid: resolved
debian
CVE-2020-6826 CRITICAL CVSS 9.8 fixed in firefox 75.0-1 (sid) 2020
[CRITICAL] firefox - Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 75. Scope: local sid: resolved (fixed in 75.0-1)
debian
CVE-2020-26972 CRITICAL CVSS 9.8 fixed in firefox 84.0-1 (sid) 2020
[CRITICAL] firefox - The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84. Scope: local sid: resolved (fixed in
debian
CVE-2020-6825 CRITICAL CVSS 9.8 fixed in firefox 75.0-1 (sid) 2020
[CRITICAL] firefox - Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR <
debian
CVE-2020-12396 CRITICAL CVSS 9.8 fixed in firefox 76.0-1 (sid) 2020
[CRITICAL] firefox - Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76. Scope: local sid: resolved (fixed in 76.0-1)
debian
CVE-2020-12390 CRITICAL CVSS 9.8 fixed in firefox 76.0-1 (sid) 2020
[CRITICAL] firefox - Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. Scope: local sid: resolved (fixed in 76.0-1)
debian
CVE-2020-6831 CRITICAL CVSS 9.8 fixed in chromium 83.0.4103.83-1 (bookworm) 2020
[CRITICAL] chromium - A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Scope: local bookworm: resolved (fixed in 83.0.4103.83-1) bullseye: resolved (fixed in 83.0.4103.83-1) forky: resolved
debian
CVE-2020-15683 CRITICAL CVSS 9.8 fixed in firefox 82.0-1 (sid) 2020
[CRITICAL] firefox - Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. Scope: l
debian
CVE-2020-6814 CRITICAL CVSS 9.8 fixed in firefox 74.0-1 (sid) 2020
[CRITICAL] firefox - Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Scope: local sid
debian
CVE-2020-6815 CRITICAL CVSS 9.8 fixed in firefox 74.0-1 (sid) 2020
[CRITICAL] firefox - Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74. Scope: local sid: resolved (fixed in 74.0-1)
debian
CVE-2020-15684 CRITICAL CVSS 9.8 fixed in firefox 82.0-1 (sid) 2020
[CRITICAL] firefox - Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. Scope: local sid: resolved (fixed in 82.0-1)
debian
CVE-2020-6823 CRITICAL CVSS 9.8 fixed in firefox 75.0-1 (sid) 2020
[CRITICAL] firefox - A malicious extension could have called `browser.identity.launchWebAuthFlow`, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75. Scope: local sid: resolved (fixed in 75.0-1)
debian
CVE-2020-12395 CRITICAL CVSS 9.8 fixed in firefox 76.0-1 (sid) 2020
[CRITICAL] firefox - Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Scope:
debian