Debian Firefox vulnerabilities

CVE-2018-5107 [MEDIUM] CVE-2018-5107: firefox - The printing process can bypass local access protections to read files available... The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58. Scope: local sid: resolved (fixed

CVE-2018-12383 [MEDIUM] CVE-2018-12383: firefox - If a user saved passwords before Firefox 58 and then later set a master password... If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored p

CVE-2018-18494 [MEDIUM] CVE-2018-18494: firefox - A same-origin policy violation allowing the theft of cross-origin URL entries wh... A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Scope: local sid:

CVE-2018-5173 [MEDIUM] CVE-2018-5173: firefox - The filename appearing in the "Downloads" panel improperly renders some Unicode ... The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, correct filename and whether it is executable or not. This vulnerability

CVE-2018-5164 [MEDIUM] CVE-2018-5164: firefox - Content Security Policy (CSP) is not applied correctly to all parts of multipart... Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60. Scope: local sid: resolved (fixed in 60.0-1)

CVE-2018-18511 [MEDIUM] CVE-2018-18511: firefox - Cross-origin images can be read from a canvas element in violation of the same-o... Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. Scope: local sid: resolved (fixed in 65.0.1-1)

CVE-2018-5108 [MEDIUM] CVE-2018-5108: firefox - A Blob URL can violate origin attribute segregation, allowing it to be accessed ... A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually

CVE-2018-5142 [MEDIUM] CVE-2018-5142: firefox - If Media Capture and Streams API permission is requested from documents with "da... If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59. Scope: local

CVE-2018-5118 [MEDIUM] CVE-2018-5118: firefox - The screenshot images displayed in the Activity Stream page displayed when a new... The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that e

CVE-2018-5114 [MEDIUM] CVE-2018-5114: firefox - If an existing cookie is changed to be "HttpOnly" while a document is open, the ... If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58. Scope: local sid: resolved (fixed in 58.0-1)

CVE-2018-18497 [MEDIUM] CVE-2018-18497: firefox - Limitations on the URIs allowed to WebExtensions by the browser.windows.create A... Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64. Scope: local sid: resolved (fixed i

CVE-2018-12403 [MEDIUM] CVE-2018-12403: firefox - If a site is loaded over a HTTPS connection but loads a favicon resource over HT... If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63. Scope: local sid: resolved (fixed in 63.0-1)

CVE-2018-12399 [MEDIUM] CVE-2018-12399: firefox - When a new protocol handler is registered, the API accepts a title argument whic... When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63. Scope: local sid: resolved (fixed in 63.0-1)

CVE-2018-5132 [MEDIUM] CVE-2018-5132: firefox - The Find API for WebExtensions can search some privileged pages, such as "about:... The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)

CVE-2018-5167 [MEDIUM] CVE-2018-5167: firefox - The web console and JavaScript debugger do not sanitize all output that can be h... The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by mal

CVE-2018-5176 [MEDIUM] CVE-2018-5176: firefox - The JSON Viewer displays clickable hyperlinks for strings that are parseable as ... The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are

CVE-2018-5119 [MEDIUM] CVE-2018-5119: firefox - The reader view will display cross-origin content when CORS headers are set to p... The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58. Scope: local sid: resolved (fixed in 58.0-1)

CVE-2018-12366 [MEDIUM] CVE-2018-12366: firefox - An invalid grid size during QCMS (color profile) transformations can result in t... An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Scope: local sid: resolved (fixed in 61.0-1)

CVE-2018-5133 [MEDIUM] CVE-2018-5133: firefox - If the "app.support.baseURL" preference is changed by a malicious local program ... If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin di

CVE-2018-18499 [MEDIUM] CVE-2018-18499: firefox - A same-origin policy violation allowing the theft of cross-origin URL entries wh... A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Scope: loc