Debian Firefox vulnerabilities

CVE-2020-12415 [MEDIUM] CVE-2020-12415: firefox - When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have b... When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. Scope: local sid: resolved (fixed in 78.0-1)

CVE-2020-15680 [MEDIUM] CVE-2020-15680: firefox - If a valid external protocol handler was referenced in an image tag, the resulti... If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82. Scope: local sid: resolved (fixed in 82.

CVE-2020-15654 [MEDIUM] CVE-2020-15654: firefox - When in an endless loop, a website specifying a custom cursor using CSS could ma... When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunder

CVE-2020-15653 [MEDIUM] CVE-2020-15653: firefox - An iframe sandbox element with the allow-popups flag could be bypassed when usin... An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Scope: local sid: resolved (fixed in 79.0-1)

CVE-2020-12421 [MEDIUM] CVE-2020-12421: firefox - When performing add-on updates, certificate chains terminating in non-built-in-r... When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Scope: local sid: reso

CVE-2020-35111 [MEDIUM] CVE-2020-35111: firefox - When an extension with the proxy permission registered to receive <all_urls>, th... When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Scope: local sid: r

CVE-2020-26967 [MEDIUM] CVE-2020-26967: firefox - When listening for page changes with a Mutation Observer, a malicious web page c... When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83. Scope: local sid: resolved (fixed in 83.0-1)

CVE-2020-26963 [MEDIUM] CVE-2020-26963: firefox - Repeated calls to the history and location interfaces could have been used to ha... Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83. Scope: local sid: resolved (fixed in 83.0-1)

CVE-2020-26951 [MEDIUM] CVE-2020-26951: firefox - A parsing and event loading mismatch in Firefox's SVG code could have allowed lo... A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Sco

CVE-2020-26976 [MEDIUM] CVE-2020-26976: firefox - When a HTTPS pages was embedded in a HTTP page, and there was a service worker r... When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84. Scope: local sid: resolved (fixed in 84.0-1)

CVE-2020-6808 [MEDIUM] CVE-2020-6808: firefox - When a JavaScript URL (javascript:) is evaluated and the result is a string, thi... When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating do

CVE-2020-26961 [MEDIUM] CVE-2020-26961: firefox - When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP r... When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5,

CVE-2020-15648 [MEDIUM] CVE-2020-15648: firefox - Using object or embed tags, it was possible to frame other websites, even if the... Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. Scope: local sid: resolved (fixed in 78.0.2-1)

CVE-2020-15668 [MEDIUM] CVE-2020-15668: firefox - A lock was missing when accessing a data structure and importing certificate inf... A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox < 80 and Firefox for Android < 80. Scope: local sid: resolved (fixed in 80.0-1)

CVE-2020-15665 [MEDIUM] CVE-2020-15665: firefox - Firefox did not reset the address bar after the beforeunload dialog was shown if... Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80. Scope: local sid: resolved (fixed in 80.0-1)

CVE-2020-26979 [MEDIUM] CVE-2020-26979: firefox - When a user typed a URL in the address bar or the search bar and quickly hit the... When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability af

CVE-2020-6798 [MEDIUM] CVE-2020-6798: firefox - If a template tag was used in a select tag, the parser could be confused and all... If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is d

CVE-2020-15666 [MEDIUM] CVE-2020-15666: firefox - When trying to load a non-video in an audio/video context the exact status code ... When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other atta

CVE-2020-16012 [MEDIUM] CVE-2020-16012: chromium - Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280... Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: res

CVE-2020-12392 [MEDIUM] CVE-2020-12392: firefox - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the ... The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird <