Debian Firefox vulnerabilities

CVE-2018-5163 [HIGH] CVE-2018-5163: firefox - If a malicious attacker has used another vulnerability to gain full control over... If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping

CVE-2018-5147 [HIGH] CVE-2018-5147: firefox - The libtremor library has the same flaw as CVE-2018-5146. This library is used b... The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1. Scope: local sid: resolved (fixed in 59.0.1-1)

CVE-2018-12386 [HIGH] CVE-2018-12386: firefox - A vulnerability in register allocation in JavaScript can lead to type confusion,... A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. Scope: local sid: resolved (fixed in 62.0.3-1)

CVE-2018-18503 [HIGH] CVE-2018-18503: firefox - When JavaScript is used to create and manipulate an audio buffer, a potentially ... When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65. Scope: local sid: resolved (fixed in 65.0-1)

CVE-2018-12371 [HIGH] CVE-2018-12371: firefox - An integer overflow vulnerability in the Skia library when allocating memory for... An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61. Scope: local sid: resolved (fixed in 61.0-1)

CVE-2018-5113 [HIGH] CVE-2018-5113: firefox - The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allow... The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58. Scope: local sid: resolved (fixed in 58.0-1)

CVE-2018-5093 [HIGH] CVE-2018-5093: firefox - A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Tabl... A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. Scope: local sid: resolved (fixed in 58.0-1)

CVE-2018-5146 [HIGH] CVE-2018-5146: firefox - An out of bounds memory write while processing Vorbis audio data was reported th... An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. Scope: local sid: resolved (fixed in 59.0.1-1)

CVE-2018-5130 [HIGH] CVE-2018-5130: firefox - When packets with a mismatched RTP payload type are sent in WebRTC connections, ... When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)

CVE-2018-12388 [HIGH] CVE-2018-12388: firefox - Mozilla developers and community members reported memory safety bugs present in ... Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63. Scope: local sid: resolved (fixed in 63.0-1)

CVE-2018-5134 [HIGH] CVE-2018-5134: firefox - WebExtensions may use "view-source:" URLs to view local "file:" URL content, as ... WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)

CVE-2018-5115 [HIGH] CVE-2018-5115: firefox - If an HTTP authentication prompt is triggered by a background network request fr... If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private cred

CVE-2018-12397 [HIGH] CVE-2018-12397: firefox - A WebExtension can request access to local files without the warning prompt stat... A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Scope: local

CVE-2018-6156 [HIGH] CVE-2018-6156: firefox - Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.... Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Scope: local sid: resolved (fixed in 70.0-1)

CVE-2018-5105 [HIGH] CVE-2018-5105: firefox - WebExtensions can bypass user prompts to first save and then open an arbitrarily... WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58. Scope: local sid: resolved (fixed in 58.0-1)

CVE-2018-12363 [HIGH] CVE-2018-12363: firefox - A use-after-free vulnerability can occur when script uses mutation events to mov... A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ES

CVE-2018-12395 [HIGH] CVE-2018-12395: firefox - By rewriting the Host: request headers using the webRequest API, a WebExtension ... By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Scope: local sid: resolved (fixed in 63.0-1)

CVE-2018-5157 [HIGH] CVE-2018-5157: firefox - Same-origin protections for the PDF viewer can be bypassed, allowing a malicious... Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. Scope: local sid: resolved (fixed in 60.0-1)

CVE-2018-12359 [HIGH] CVE-2018-12359: firefox - A buffer overflow can occur when rendering canvas content while adjusting the he... A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox

CVE-2018-12370 [HIGH] CVE-2018-12370: firefox - In Reader View SameSite cookie protections are not checked on exiting. This allo... In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61. Scope: local sid: resolved (fixed in 61.0-1)