Debian Firefox vulnerabilities

CVE-2019-5785 [MEDIUM] CVE-2019-5785: firefox - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 ... Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Scope: local sid: resolved (fixed in 65.0.1-1)

CVE-2019-11717 [MEDIUM] CVE-2019-11717: firefox - A vulnerability exists where the caret ("^") character is improperly escaped con... A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Scope: local sid: resolved (fixed in 68.0-1)

CVE-2019-9816 [MEDIUM] CVE-2019-9816: firefox - A possible vulnerability exists where type confusion can occur when manipulating... A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Fir

CVE-2019-11715 [MEDIUM] CVE-2019-11715: firefox - Due to an error while parsing page content, it is possible for properly sanitize... Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Scope: local sid: resolved (fixed in 68.0-1)

CVE-2019-11748 [MEDIUM] CVE-2019-11748: firefox - WebRTC in Firefox will honor persisted permissions given to sites for access to ... WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web con

CVE-2019-11747 [MEDIUM] CVE-2019-11747: firefox - The "Forget about this site" feature in the History pane is intended to remove a... The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the u

CVE-2019-11763 [MEDIUM] CVE-2019-11763: firefox - Failure to correctly handle null bytes when processing HTML entities resulted in... Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mas

CVE-2019-11761 [MEDIUM] CVE-2019-11761: firefox - By using a form with a data URI it was possible to gain access to the privileged... By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Scope: local sid: resolved (

CVE-2019-11754 [MEDIUM] CVE-2019-11754: firefox - When the pointer lock is enabled by a website though requestPointerLock(), no us... When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1. Scope: local sid: resolved (fixed in 69.0.1-1)

CVE-2019-20503 [MEDIUM] CVE-2019-20503: chromium - usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_in... usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. Scope: local bookworm: resolved (fixed in 80.0.3987.149-1) bullseye: resolved (fixed in 80.0.3987.149-1) forky: resolved (fixed in 80.0.3987.149-1) sid: resolved (fixed in 80.0.3987.149-1) trixie: resolved (fixed in 80.0.3987.149-1)

CVE-2019-9815 [HIGH] CVE-2019-9815: firefox - If hyperthreading is not disabled, a timing attack vulnerability exists, similar... If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.

CVE-2019-13075 [MEDIUM] CVE-2019-13075: firefox - Tor Browser through 8.5.3 has an information exposure vulnerability. It allows r... Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68. Scope: local sid: resolved (fixed in 68.

CVE-2019-9794 [CRITICAL] CVE-2019-9794: firefox - A vulnerability was discovered where specific command line arguments are not pro... A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications

CVE-2019-9801 [MEDIUM] CVE-2019-9801: firefox - Firefox will accept any registered Program ID as an external protocol handler an... Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating

CVE-2019-11729 [HIGH] CVE-2019-11729: firefox - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due va... Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Scope: local sid: resolved (fixed in 68.0-1)

CVE-2019-11727 [MEDIUM] CVE-2019-11727: firefox - A vulnerability exists where it possible to force Network Security Services (NSS... A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. Scope: local sid: resolved (fixed in 68.0

CVE-2019-17015 [HIGH] CVE-2019-17015: firefox - During the initialization of a new content process, a pointer offset can be mani... During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Scope: local sid: resolved

CVE-2019-9798 [HIGH] CVE-2019-9798: firefox - On Android systems, Firefox can load a library from APITRACE_LIB, which is writa... On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability aff

CVE-2019-11719 [HIGH] CVE-2019-11719: firefox - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes,... When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Scope: local sid: resolved (fixed in 68.0-1)

CVE-2019-17009 [HIGH] CVE-2019-17009: firefox - When running, the updater service wrote status and log files to an unrestricted ... When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbi