Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15

Severity breakdown
CRITICAL: 333
HIGH: 633
MEDIUM: 542
LOW: 302

Vulnerabilities

Page 59 of 91
CVE-2019-11701 | MEDIUM | CVSS 6.1 | fixed in firefox 67.0-2 (sid) | 2019
The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.* This vulnerability affects Firefox < 67. Scope: local sid: resolved (fi
CVE-2019-9808 | MEDIUM | CVSS 5.3 | fixed in firefox 66.0-1 (sid) | 2019
If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 66. Scope: local sid: resolved (fixed in 66.0-
CVE-2019-11698 | MEDIUM | CVSS 5.3 | fixed in firefox 67.0-2 (sid) | 2019
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability
CVE-2019-11724 | MEDIUM | CVSS 6.1 | fixed in firefox 68.0-1 (sid) | 2019
Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68. Scope: local sid: resolved (fixed in 68.0-1)
CVE-2019-9793 | MEDIUM | CVSS 5.9 | fixed in firefox 66.0-1 (sid) | 2019
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disa
CVE-2019-7317 | MEDIUM | CVSS 5.3 | fixed in firefox 67.0-2 (sid) | 2019
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Scope: local sid: resolved (fixed in 67.0-2)
CVE-2019-11695 | MEDIUM | CVSS 4.3 | fixed in firefox 67.0-2 (sid) | 2019
A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over t
CVE-2019-11737 | MEDIUM | CVSS 5.3 | fixed in firefox 69.0-1 (sid) | 2019
If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69. Scope: local sid: resolved (fixed in 69.0-1)
CVE-2019-9797 | MEDIUM | CVSS 5.3 | fixed in firefox 66.0-1 (sid) | 2019
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. Scope: local sid: resolved (fixed in 66.0-1)
CVE-2019-11699 | MEDIUM | CVSS 6.5 | fixed in firefox 67.0-2 (sid) | 2019
A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox < 67. Scope: local sid: resolved (fixed in 67.0-2)
CVE-2019-11750 | MEDIUM | CVSS 6.5 | fixed in firefox 69.0-1 (sid) | 2019
A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Scope: local sid: resolved (fixed in 69.0-1)
CVE-2019-11730 | MEDIUM | CVSS 6.5 | fixed in firefox 68.0-1 (sid) | 2019
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may be uploaded to a server. It was demonstrated that in combination
CVE-2019-11728 | MEDIUM | CVSS 4.7 | fixed in firefox 68.0-1 (sid) | 2019
The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that is accessible to a user when web content is loaded. This vulnerability affects Firefox < 68. Scope: local sid: resolved (fixed in 68.0-1)
CVE-2019-11725 | MEDIUM | CVSS 6.5 | fixed in firefox 68.0-1 (sid) | 2019
When a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted, but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68. Scope: local sid: resolved (fixed
CVE-2019-9817 | MEDIUM | CVSS 5.3 | fixed in firefox 67.0-2 (sid) | 2019
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Scope: local sid: resolved (fixed in 67.0-2)
CVE-2019-11749 | MEDIUM | CVSS 4.3 | fixed in firefox 69.0-1 (sid) | 2019
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Scope: local s
CVE-2019-11738 | MEDIUM | CVSS 6.3 | fixed in firefox 69.0-1 (sid) | 2019
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Scope: local sid: resolved (fixed in 69
CVE-2019-11720 | MEDIUM | CVSS 6.1 | fixed in firefox 68.0-1 (sid) | 2019
Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68. Scope: local sid: resolved (fixed in 68.0-1)
CVE-2019-11721 | MEDIUM | CVSS 6.5 | fixed in firefox 68.0-1 (sid) | 2019
The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks, as such domains do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68. Scope: local sid: resolved (fixed in 68.0-1)
CVE-2019-11742 | MEDIUM | CVSS 6.5 | fixed in firefox 69.0-1 (sid) | 2019
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firef