Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302
Vulnerabilities
Page 68 of 91
CVE-2018-5131 | MEDIUM | CVSS 5.9 | fixed in firefox 59.0-1 (sid) | 2018
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulne
CVE-2018-5143 | MEDIUM | CVSS 6.1 | fixed in firefox 59.0-1 (sid) | 2018
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability a
CVE-2018-18506 | MEDIUM | CVSS 5.9 | fixed in firefox 65.0-1 (sid) | 2018
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on se
CVE-2018-5111 | MEDIUM | CVSS 6.5 | fixed in firefox 58.0-1 (sid) | 2018
When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identity of another site. This vulnerability affects Firefox < 58.
Scope: local
sid: resolved (fixed in 58.0-1)
CVE-2018-5106 | MEDIUM | CVSS 5.3 | fixed in firefox 58.0-1 (sid) | 2018
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58.
Scope: local
sid: resolved (fixed in 58.0-1)
CVE-2018-12396 | MEDIUM | CVSS 6.5 | fixed in firefox 63.0-1 (sid) | 2018
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
Scope: local
sid: resolved (fixed in 63.0-1)
CVE-2018-5140 | MEDIUM | CVSS 5.3 | fixed in firefox 59.0-1 (sid) | 2018
Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59.
Scope: local
sid: resolved (fixed in 59.0-1)
CVE-2018-5152 | MEDIUM | CVSS 6.5 | fixed in firefox 60.0-1 (sid) | 2018
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directl
CVE-2018-12402 | MEDIUM | CVSS 6.5 | fixed in firefox 63.0-1 (sid) | 2018
The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince t
CVE-2018-18495 | MEDIUM | CVSS 6.5 | fixed in firefox 64.0-1 (sid) | 2018
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.
Scope: local
sid: resolved
CVE-2018-5172 | MEDIUM | CVSS 4.3 | fixed in firefox 60.0-1 (sid) | 2018
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation.
CVE-2018-12379 | LOW (listed as HIGH) | CVSS 7.8 | fixed in firefox 62.0-1 (sid) | 2018
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbi
CVE-2018-12400 | LOW (listed as MEDIUM) | CVSS 5.3 | 2018
In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.* This vulnerability affects Firefox < 63.
Scope: local
sid
CVE-2018-18496 | LOW (listed as HIGH) | CVSS 8.8 | 2018
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.* This vulnerability a
CVE-2018-12368 | LOW (listed as HIGH) | CVSS 8.1 | 2018
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permissio
CVE-2018-12382 | LOW (listed as MEDIUM) | CVSS 5.3 | 2018
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.*
Scope: local
sid: resolved
CVE-2018-5110 | LOW (listed as MEDIUM) | CVSS 5.3 | 2018
If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58.
Scope: local
sid: resolved
CVE-2018-5174 | LOW (listed as HIGH) | CVSS 7.5 | 2018
In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because
CVE-2018-12381 | LOW (listed as MEDIUM) | CVSS 5.3 | 2018
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.* This vulnerability affects Firefox ESR < 60.2 and Firefox < 62.
Sco
CVE-2018-5121 | LOW (listed as MEDIUM) | CVSS 5.3 | 2018
Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58.
Scope: lo