Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302

Vulnerabilities

Page 49 of 91
CVE-2020-12420 | HIGH | CVSS 8.8 | fixed in firefox 78.0-1 (sid) | 2020
firefox - When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Scope: local. sid: resolved (fixed in 78.0-1)
debian
CVE-2020-15678 | HIGH | CVSS 8.8 | fixed in firefox 81.0-1 (sid) | 2020
firefox - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Scope: local. sid: reso
debian
CVE-2020-6796 | HIGH | CVSS 8.8 | fixed in firefox 73.0-1 (sid) | 2020
firefox - A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. Scope: local. sid: resolved (fixed in 73.0-1)
debian
CVE-2020-6819 | HIGH | CVSS 8.1 | KEV | fixed in firefox 74.0.1-1 (sid) | 2020
firefox - Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. Scope: local. sid: resolved (fixed in 74.0.1-1)
debian
CVE-2020-6807 | HIGH | CVSS 8.8 | fixed in firefox 74.0-1 (sid) | 2020
firefox - When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Scope: local. sid: resolved (fixed in 74.0-1)
debian
CVE-2020-6809 | HIGH | CVSS 7.5 | fixed in firefox 74.0-1 (sid) | 2020
firefox - When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. Scope: local. sid: resolved (fixed in 74.0-1)
debian
CVE-2020-12422 | HIGH | CVSS 8.8 | fixed in firefox 78.0-1 (sid) | 2020
firefox - In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. Scope: local. sid: resolved (fixed in 78.0-1)
debian
CVE-2020-15670 | HIGH | CVSS 8.8 | fixed in firefox 80.0-1 (sid) | 2020
firefox - Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80. Scope: local. sid:
debian
CVE-2020-15667 | HIGH | CVSS 8.8 | fixed in firefox 80.0-1 (sid) | 2020
firefox - When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. Scope: local s
debian
CVE-2020-6463 | HIGH | CVSS 8.8 | fixed in chromium 83.0.4103.83-1 (bookworm) | 2020
chromium - Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local. bookworm: resolved (fixed in 83.0.4103.83-1); bullseye: resolved (fixed in 83.0.4103.83-1); forky: resolved (fixed in 83.0.4103.83-1); sid: resolved (fixed in 83.0.4103.83-1); trixie: resolved (fixed in 83.
debian
CVE-2020-15656 | HIGH | CVSS 8.8 | fixed in firefox 79.0-1 (sid) | 2020
firefox - JIT optimizations involving the JavaScript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Scope: local. sid: resolved (fixed in 79.0-1)
debian
CVE-2020-26974 | HIGH | CVSS 8.8 | fixed in firefox 84.0-1 (sid) | 2020
firefox - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Scope: local. sid: resolved (fixed in 84.0-1)
debian
CVE-2020-26960 | HIGH | CVSS 8.8 | fixed in firefox 83.0-1 (sid) | 2020
firefox - If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Scope: local. sid: resolved (fixed in 83.0-1)
debian
CVE-2020-12416 | HIGH | CVSS 8.8 | fixed in firefox 78.0-1 (sid) | 2020
firefox - A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. Scope: local. sid: resolved (fixed in 78.0-1)
debian
CVE-2020-15673 | HIGH | CVSS 8.8 | fixed in firefox 81.0-1 (sid) | 2020
firefox - Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Scope: local. sid: resolved (fixed
debian
CVE-2020-6806 | HIGH | CVSS 8.8 | fixed in firefox 74.0-1 (sid) | 2020
firefox - By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Scope: local. sid: resolved (fixed in 74.0
debian
CVE-2020-15659 | HIGH | CVSS 8.8 | fixed in firefox 79.0-1 (sid) | 2020
firefox - Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 6
debian
CVE-2020-12426 | HIGH | CVSS 8.8 | fixed in firefox 78.0-1 (sid) | 2020
firefox - Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78. Scope: local. sid: resolved (fixed in 78.0-1)
debian
CVE-2020-6805 | HIGH | CVSS 8.8 | fixed in firefox 74.0-1 (sid) | 2020
firefox - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Scope: local. sid: resolved (fixed in 74.0-1)
debian
CVE-2020-26968 | HIGH | CVSS 8.8 | fixed in firefox 83.0-1 (sid) | 2020
firefox - Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Scope: local. sid: resolved (fixed
debian