Debian Firefox vulnerabilities

CVE-2018-5177 [HIGH] CVE-2018-5177: firefox - A vulnerability exists in XSLT during number formatting where a negative buffer ... A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60. Scope: local sid: resolved (fixed in 60.0-1)

CVE-2018-12364 [HIGH] CVE-2018-12364: firefox - NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, b... NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Fi

CVE-2018-12406 [HIGH] CVE-2018-12406: firefox - Mozilla developers and community members reported memory safety bugs present in ... Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64. Scope: local sid: resolved (fixed in 64.0-1)

CVE-2018-5129 [HIGH] CVE-2018-5129: firefox - A lack of parameter validation on IPC messages results in a potential out-of-bou... A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)

CVE-2018-5141 [HIGH] CVE-2018-5141: firefox - A vulnerability in the notifications Push API where notifications can be sent th... A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)

CVE-2018-5166 [HIGH] CVE-2018-5166: firefox - WebExtensions can use request redirection and a "filterReponseData" filter to by... WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60. Scope: local sid: resolved (fixed in 60.0-1)

CVE-2018-5127 [HIGH] CVE-2018-5127: firefox - A buffer overflow can occur when manipulating the SVG "animatedPathSegList" thro... A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)

CVE-2018-5101 [HIGH] CVE-2018-5101: firefox - A use-after-free vulnerability can occur when manipulating floating "first-lette... A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. Scope: local sid: resolved (fixed in 58.0-1)

CVE-2018-5168 [MEDIUM] CVE-2018-5168: firefox - Sites can bypass security checks on permissions to install lightweight themes by... Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox

CVE-2018-5124 [MEDIUM] CVE-2018-5124: firefox - Unsanitized output in the browser UI leaves HTML tags in place and can result in... Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. Scope: local sid: resolved (fixed in 58.0.1-1)

CVE-2018-18510 [MEDIUM] CVE-2018-18510: firefox - The about:crashcontent and about:crashparent pages can be triggered by web conte... The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64. Scope: local sid: resolved (fixed in 64.0-1

CVE-2018-5109 [MEDIUM] CVE-2018-5109: firefox - An audio capture session can started under an incorrect origin from the site mak... An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58. Scope: local sid: resolved (fixed in 5

CVE-2018-5165 [MEDIUM] CVE-2018-5165: firefox - In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe ... In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protec

CVE-2018-12358 [MEDIUM] CVE-2018-12358: firefox - Service workers can use redirection to avoid the tainting of cross-origin resour... Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61. Scope: local sid: resolved (fixed in 61.0-1)

CVE-2018-12367 [MEDIUM] CVE-2018-12367: firefox - In the previous mitigations for Spectre, the resolution or precision of various ... In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Sco

CVE-2018-12365 [MEDIUM] CVE-2018-12365: firefox - A compromised IPC child process can escape the content sandbox and list the name... A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Scope: local sid: resolved (fixe

CVE-2018-12398 [MEDIUM] CVE-2018-12398: firefox - By using the reflected URL in some special resource URIs, such as chrome:, it is... By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63. Scope: local sid: resolved (fixed in 63.0-1)

CVE-2018-5175 [MEDIUM] CVE-2018-5175: firefox - A mechanism to bypass Content Security Policy (CSP) protections on sites that ha... A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP re

CVE-2018-5117 [MEDIUM] CVE-2018-5117: firefox - If right-to-left text is used in the addressbar with left-to-right alignment, it... If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, F

CVE-2018-5169 [MEDIUM] CVE-2018-5169: firefox - If manipulated hyperlinked text with "chrome:" URL contained in it is dragged an... If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60. Scope: local sid: resolved (fixed in 60.0-1)