Debian Firefox vulnerabilities

CVE-2018-12401 [HIGH] CVE-2018-12401: firefox - Some special resource URIs will cause a non-exploitable crash if loaded with opt... Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63. Scope: local sid: resolved (fixed in 63.0-1)

CVE-2018-5153 [HIGH] CVE-2018-5153: firefox - If websocket data is sent with mixed text and binary in a single message, the bi... If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60. Scope: local sid: resolved (fixed in 60.0-1)

CVE-2018-5100 [HIGH] CVE-2018-5100: firefox - A use-after-free vulnerability can occur when arguments passed to the "IsPotenti... A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. Scope: local sid: resolved (fixed in 58.0-1)

CVE-2018-5125 [HIGH] CVE-2018-5125: firefox - Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of the... Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)

CVE-2018-5136 [HIGH] CVE-2018-5136: firefox - A shared worker created from a "data:" URL in one tab can be shared by another t... A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)

CVE-2018-12385 [HIGH] CVE-2018-12385: firefox - A potentially exploitable crash in TransportSecurityInfo used for SSL can be tri... A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup c

CVE-2018-5181 [HIGH] CVE-2018-5181: firefox - If a URL using the "file:" protocol is dragged and dropped onto an open tab that... If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60. Scope: l

CVE-2018-12361 [HIGH] CVE-2018-12361: firefox - An integer overflow can occur in the SwizzleData code while calculating buffer s... An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Scope: local sid: resolved (fixed in 61.0-1)

CVE-2018-12362 [HIGH] CVE-2018-12362: firefox - An integer overflow can occur during graphics operations done by the Supplementa... An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Scope: local sid: resolved (fixed in 61.0-1)

CVE-2018-5180 [HIGH] CVE-2018-5180: firefox - A use-after-free vulnerability can occur during WebGL operations. While this res... A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox < 60. Scope: local sid: resolved (fixed in 60.0-1)

CVE-2018-6126 [HIGH] CVE-2018-6126: firefox - A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remot... A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Scope: local sid: resolved (fixed in 60.0.2-1)

CVE-2018-12393 [HIGH] CVE-2018-12393: firefox - A potential vulnerability was found in 32-bit builds where an integer overflow d... A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox E

CVE-2018-12375 [HIGH] CVE-2018-12375: firefox - Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of ... Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62. Scope: local sid: resolved (fixed in 62.0-1)

CVE-2018-12360 [HIGH] CVE-2018-12360: firefox - A use-after-free vulnerability can occur when deleting an input element during a... A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Scope: local sid: resolved (fixed in 61.0-1)

CVE-2018-5094 [HIGH] CVE-2018-5094: firefox - A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElemen... A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. Scope: local sid: resolved (fixed in 58.0-1)

CVE-2018-5135 [HIGH] CVE-2018-5135: firefox - WebExtensions can bypass normal restrictions in some circumstances and use "brow... WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)

CVE-2018-5158 [HIGH] CVE-2018-5158: firefox - The PDF viewer does not sufficiently sanitize PostScript calculator functions, a... The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. Scope: local sid: resolved (fixed in 60.0-1)

CVE-2018-17466 [HIGH] CVE-2018-17466: firefox - Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allow... Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Scope: local sid: resolved (fixed in 64.0-1)

CVE-2018-5182 [HIGH] CVE-2018-5182: firefox - If a text string that happens to be a filename in the operating system's native ... If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60. Scope: local sid: resolved (fixed in 60.0-1)

CVE-2018-18356 [HIGH] CVE-2018-18356: chromium - An integer overflow in path handling lead to a use after free in Skia in Google ... An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in