Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302
Vulnerabilities
Page 54 of 91
CVE-2020-26957 | LOW | CVSS 6.5 | 2020
CVE-2020-26957 [MEDIUM]: firefox
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 83.
Scope: local
sid: resolved
debian
CVE-2020-15647 | LOW | CVSS 7.4 | 2020
CVE-2020-15647 [HIGH]: firefox
A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android.
Scope: local
sid: resolved
debian
CVE-2020-15663 | LOW | CVSS 8.8 | 2020
CVE-2020-15663 [HIGH]: firefox
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bu
debian
CVE-2020-26954 | LOW | CVSS 4.3 | 2020
CVE-2020-26954 [MEDIUM]: firefox
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Ot
debian
CVE-2020-12388 | LOW | CVSS 10.0 | 2020
CVE-2020-12388 [CRITICAL]: firefox
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.
Scope: local
sid: resolved
debian
CVE-2020-15671 | LOW | CVSS 3.1 | 2020
CVE-2020-15671 [LOW]: firefox
When typing in a password under certain conditions, a race may have occurred where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80.
Scope: local
sid: resolved
debian
CVE-2020-12404 | LOW | CVSS 4.3 | 2020
CVE-2020-12404 [MEDIUM]: firefox
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.
Scope: local
sid: resolved
debian
CVE-2020-6797 | LOW | CVSS 4.3 | 2020
CVE-2020-6797 [MEDIUM]: firefox
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaf
debian
CVE-2020-12414 | LOW | CVSS 6.5 | 2020
CVE-2020-12414 [MEDIUM]: firefox
IndexedDB should be cleared when leaving private browsing mode and it is not; the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.
Scope: local
sid: resolved
debian
CVE-2020-26955 | LOW | CVSS 6.5 | 2020
CVE-2020-26955 [MEDIUM]: firefox
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*
debian
CVE-2020-26975 | LOW | CVSS 6.5 | 2020
CVE-2020-26975 [MEDIUM]: firefox
When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems ar
debian
CVE-2020-12393 | LOW | CVSS 7.8 | 2020
CVE-2020-12393 [HIGH]: firefox
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating sys
debian
CVE-2020-6824 | LOW | CVSS 2.8 | fixed in firefox 75.0-1 (sid) | 2020
CVE-2020-6824 [LOW]: firefox
Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability
debian
CVE-2020-15649 | LOW | CVSS 5.5 | 2020
CVE-2020-15649 [MEDIUM]: firefox
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actual files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 68.11.
Scope: local
sid: resolved
debian
CVE-2020-16048 | LOW | CVSS 6.5 | 2020
CVE-2020-16048 [MEDIUM]: firefox
Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page.
Scope: local
sid: resolved
debian
CVE-2020-12423 | LOW | CVSS 7.8 | 2020
CVE-2020-12423 [HIGH]: firefox
When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78.
Scope: local
si
debian
CVE-2020-6799 | LOW | CVSS 8.8 | 2020
CVE-2020-6799 [HIGH]: firefox
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third p
debian
CVE-2020-12394 | LOW | CVSS 3.3 | fixed in firefox 76.0-1 (sid) | 2020
CVE-2020-12394 [LOW]: firefox
A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76.
Scope: local
sid: resolved (fixed in 76.0-1)
debian
CVE-2020-15657 | LOW | CVSS 7.8 | 2020
CVE-2020-15657 [HIGH]: firefox
Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird <
debian
CVE-2020-26964 | LOW | CVSS 6.8 | 2020
CVE-2020-26964 [MEDIUM]: firefox
If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinu
debian