Debian Firefox vulnerabilities

CVE-2020-6813 [MEDIUM] CVE-2020-6813: firefox - When protecting CSS blocks with the nonce feature of Content Security Policy, th... When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74. Scope: local sid: resolved (fixed in 74.0-1)

CVE-2020-26956 [MEDIUM] CVE-2020-26956: firefox - In some cases, removing HTML elements during sanitization would keep existing SV... In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Scope: local sid: resolved (fixed in 83.0-1)

CVE-2020-26962 [MEDIUM] CVE-2020-26962: firefox - Cross-origin iframes that contained a login form could have been recognized by t... Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83. Scope: local sid: resolved (fixed in 83.0-1)

CVE-2020-12418 [MEDIUM] CVE-2020-12418: firefox - Manipulating individual parts of a URL object could have caused an out-of-bounds... Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Scope: local sid: resolved (fixed in 78.0-1)

CVE-2020-12424 [MEDIUM] CVE-2020-12424: firefox - When constructing a permission prompt for WebRTC, a URI was supplied from the co... When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. Scope: local sid: resolved (fixed in 78.0-1)

CVE-2020-6829 [MEDIUM] CVE-2020-6829: firefox - When performing EC scalar point multiplication, the wNAF point multiplication al... When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. Scope: loca

CVE-2020-12401 [MEDIUM] CVE-2020-12401: firefox - During ECDSA signature generation, padding applied in the nonce designed to ensu... During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. Scope: local sid: resolved (fixed in 80.0-1)

CVE-2020-6812 [MEDIUM] CVE-2020-6812: firefox - The first time AirPods are connected to an iPhone, they become named after the u... The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'.

CVE-2020-6810 [MEDIUM] CVE-2020-6810: firefox - After a website had entered fullscreen mode, it could have used a previously ope... After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74

CVE-2020-15664 [MEDIUM] CVE-2020-15664: firefox - By holding a reference to the eval() function from an about:blank window, a mali... By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thund

CVE-2020-6514 [MEDIUM] CVE-2020-6514: chromium - Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 al... Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixe

CVE-2020-26978 [MEDIUM] CVE-2020-26978: firefox - Using techniques that built on the slipstream research, a malicious webpage coul... Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Scope: local sid: resolved (fixed in 84.0-1)

CVE-2020-15682 [MEDIUM] CVE-2020-15682: firefox - When a link to an external protocol was clicked, a prompt was presented that all... When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be i

CVE-2020-26953 [MEDIUM] CVE-2020-26953: firefox - It was possible to cause the browser to enter fullscreen mode without displaying... It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Scope: local sid: resolved (fixed in 83.0-1)

CVE-2020-12412 [MEDIUM] CVE-2020-12412: firefox - By navigating a tab using the history API, an attacker could cause the address b... By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70. Scope: local sid: resolved (fixed in 70.0-1)

CVE-2020-16042 [MEDIUM] CVE-2020-16042: chromium - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote ... Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88

CVE-2020-15658 [MEDIUM] CVE-2020-15658: firefox - The code for downloading files did not properly take care of special characters,... The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Scope: local sid: resolved (fixed in

CVE-2020-15661 [MEDIUM] CVE-2020-15661: firefox - A rogue webpage could override the injected WKUserScript used by the logins auto... A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28. Scope: local sid: resolved

CVE-2020-15650 [MEDIUM] CVE-2020-15650: firefox - Given an installed malicious file picker application, an attacker was able to ov... Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11. Scope: local sid: resolved

CVE-2020-6830 [HIGH] CVE-2020-6830: firefox - For native-to-JS bridging, the app requires a unique token to be passed that ens... For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25. Scope: local sid: resolved