Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302
Vulnerabilities
Page 57 of 91
CVE-2019-17024 | HIGH | CVSS 8.8 | fixed in firefox 72.0-1 (sid) | 2019
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Scope: local
sid: resolved (fixed in 72.0-1)
CVE-2019-11764 | HIGH | CVSS 8.8 | fixed in firefox 70.0-1 (sid) | 2019
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Scope: local
sid: r
CVE-2019-11716 | HIGH | CVSS 8.3 | fixed in firefox 68.0-1 (sid) | 2019
Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68.
Scope: local
CVE-2019-9803 | HIGH | CVSS 7.4 | fixed in firefox 66.0-1 (sid) | 2019
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the li
CVE-2019-17010 | HIGH | CVSS 7.5 | fixed in firefox 71.0-1 (sid) | 2019
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Scope: local
sid: resolved (fixed in 71.0-1)
CVE-2019-11752 | HIGH | CVSS 8.8 | fixed in firefox 69.0-1 (sid) | 2019
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Scope: local
sid: resolved (fixed in 69.0-1)
CVE-2019-17025 | HIGH | CVSS 8.8 | fixed in firefox 72.0-1 (sid) | 2019
Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72.
Scope: local
sid: resolved (fixed in 72.0-1)
CVE-2019-9821 | HIGH | CVSS 8.1 | fixed in firefox 67.0-2 (sid) | 2019
A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67.
Scope: local
sid: resolved (fixed in 67.0-2)
CVE-2019-9813 | HIGH | CVSS 8.8 | PoC | fixed in firefox 66.0.1-1 (sid) | 2019
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
Scope: local
sid: resolved (fixed in 66.0.1-1)
CVE-2019-11712 | HIGH | CVSS 8.8 | fixed in firefox 68.0-1 (sid) | 2019
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Scope: local
sid: resolved (fixed in 68.0-1)
CVE-2019-9811 | HIGH | CVSS 8.3 | fixed in firefox 68.0-1 (sid) | 2019
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Scope: local
sid: resolved (fixed in 68.0-1)
CVE-2019-9806 | HIGH | CVSS 7.5 | fixed in firefox 66.0-1 (sid) | 2019
A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox < 66.
Scope: local
sid: resolved (fixed in 66.0-1)
CVE-2019-9809 | HIGH | CVSS 7.5 | fixed in firefox 66.0-1 (sid) | 2019
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This vulnerability affects Firefox < 66.
Scope: local
sid: resolved (fixed in 66.0-1)
CVE-2019-11759 | HIGH | CVSS 8.8 | fixed in firefox 70.0-1 (sid) | 2019
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Scope: local
sid: resolved (fixed in 70.0-1)
CVE-2019-11723 | HIGH | CVSS 7.5 | fixed in firefox 68.0-1 (sid) | 2019
A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox < 68.
Scope: local
sid: resolved (fixed in
CVE-2019-9802 | HIGH | CVSS 7.5 | fixed in firefox 66.0-1 (sid) | 2019
If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrom
CVE-2019-11756 | HIGH | CVSS 8.8 | fixed in firefox 71.0-1 (sid) | 2019
Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.
Scope: local
sid: resolved (fixed in 71.0-1)
CVE-2019-17017 | HIGH | CVSS 8.8 | fixed in firefox 72.0-1 (sid) | 2019
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Scope: local
sid: resolved (fixed in 72.0-1)
CVE-2019-11740 | HIGH | CVSS 8.8 | fixed in firefox 69.0-1 (sid) | 2019
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firef
CVE-2019-9810 | HIGH | CVSS 8.8 | Exploited | PoC | fixed in firefox 66.0.1-1 (sid) | 2019
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
Scope: local
sid: resolved (fixed in 66.0.1-1)