Debian Firefox vulnerabilities

CVE-2020-15651 [MEDIUM] CVE-2020-15651: firefox - A unicode RTL order character in the downloaded file name can be used to change ... A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28. Scope: local sid: resolved

CVE-2020-35112 [HIGH] CVE-2020-35112: firefox - If a user downloaded a file lacking an extension on Windows, and then "Open"-ed ... If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating

CVE-2020-12389 [CRITICAL] CVE-2020-12389: firefox - The Firefox content processes did not sufficiently lockdown access control which... The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. Scope: local sid: resolved

CVE-2020-26977 [MEDIUM] CVE-2020-26977: firefox - By attempting to connect a website using an unresponsive port, an attacker could... By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84. Scope: local sid: resolved

CVE-2020-15662 [MEDIUM] CVE-2020-15662: firefox - A rogue webpage could override the injected WKUserScript used by the download fe... A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28. Scope: local sid: resolved

CVE-2020-26966 [MEDIUM] CVE-2020-26966: firefox - Searching for a single word from the address bar caused an mDNS request to be se... Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbir

CVE-2019-11708 [CRITICAL] CVE-2019-11708: firefox - Insufficient vetting of parameters passed with the Prompt:Open IPC message betwe... Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firef

CVE-2019-11693 [CRITICAL] CVE-2019-11693: firefox - The bufferdata function in WebGL is vulnerable to a buffer overflow with specifi... The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox

CVE-2019-9791 [CRITICAL] CVE-2019-9791: firefox - The type inference system allows the compilation of functions that can cause typ... The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vu

CVE-2019-9790 [CRITICAL] CVE-2019-9790: firefox - A use-after-free vulnerability can occur when a raw pointer to a DOM element on ... A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Scope: local sid: resolved (fixed in 66.0-1)

CVE-2019-11710 [CRITICAL] CVE-2019-11710: firefox - Mozilla developers and community members reported memory safety bugs present in ... Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68. Scope: local sid: resolved (fixed in 68.0-1)

CVE-2019-11691 [CRITICAL] CVE-2019-11691: firefox - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) ... A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Scope: local sid: resolved (fixed in 67.0-2)

CVE-2019-11713 [CRITICAL] CVE-2019-11713: firefox - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream i... A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Scope: local sid: resolved (fixed in 68.0-1)

CVE-2019-9814 [CRITICAL] CVE-2019-9814: firefox - Mozilla developers and community members reported memory safety bugs present in ... Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67. Scope: local sid: resolved (fixed in 67.0-2)

CVE-2019-9812 [CRITICAL] CVE-2019-9812: firefox - Given a compromised sandboxed content process due to a separate vulnerability, i... Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the s

CVE-2019-9789 [CRITICAL] CVE-2019-9789: firefox - Mozilla developers and community members reported memory safety bugs present in ... Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 66. Scope: local sid: resolved (fixed in 66.0-1)

CVE-2019-25136 [CRITICAL] CVE-2019-25136: firefox - A compromised child process could have injected XBL Bindings into privileged CSS... A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. Scope: local sid: resolved (fixed in 70.0-1)

CVE-2019-9820 [CRITICAL] CVE-2019-9820: firefox - A use-after-free vulnerability can occur in the chrome event handler when it is ... A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Scope: local sid: resolved (fixed in 67.0-2)

CVE-2019-9819 [CRITICAL] CVE-2019-9819: firefox - A vulnerability where a JavaScript compartment mismatch can occur while working ... A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Scope: local sid: resolved (fixed in 67.0-2)

CVE-2019-9796 [CRITICAL] CVE-2019-9796: firefox - A use-after-free vulnerability can occur when the SMIL animation controller inco... A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerabil