Debian Firefox vulnerabilities

CVE-2017-5400 [CRITICAL] CVE-2017-5400: firefox - JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASL... JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5401 [CRITICAL] CVE-2017-5401: firefox - A crash triggerable by web content in which an "ErrorResult" references unassign... A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5443 [CRITICAL] CVE-2017-5443: firefox - An out-of-bounds write vulnerability while decoding improperly formed BinHex for... An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-7810 [CRITICAL] CVE-2017-7810: firefox - Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of the... Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Scope: local sid: resolved (fixed in 56.0-1)

CVE-2017-5439 [CRITICAL] CVE-2017-5439: firefox - A use-after-free vulnerability during XSLT processing due to poor handling of te... A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5438 [CRITICAL] CVE-2017-5438: firefox - A use-after-free vulnerability during XSLT processing due to the result handler ... A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5398 [CRITICAL] CVE-2017-5398: firefox - Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed ... Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-7785 [CRITICAL] CVE-2017-7785: firefox - A buffer overflow can occur when manipulating Accessible Rich Internet Applicati... A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-5428 [CRITICAL] CVE-2017-5428: firefox - An integer overflow in "createImageBitmap()" was reported through the Pwn2Own co... An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

CVE-2017-5390 [CRITICAL] CVE-2017-5390: firefox - The JSON viewer in the Developer Tools uses insecure methods to create a communi... The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-5440 [CRITICAL] CVE-2017-5440: firefox - A use-after-free vulnerability during XSLT processing due to a failure to propag... A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local

CVE-2017-7750 [CRITICAL] CVE-2017-7750: firefox - A use-after-free vulnerability during video control operations when a "<track>" ... A use-after-free vulnerability during video control operations when a "" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5446 [CRITICAL] CVE-2017-5446: firefox - An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames... An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5403 [CRITICAL] CVE-2017-5403: firefox - When adding a range to an object in the DOM, it is possible to use "addRange" to... When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5464 [CRITICAL] CVE-2017-5464: firefox - During DOM manipulations of the accessibility tree through script, the DOM tree ... During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5374 [CRITICAL] CVE-2017-5374: firefox - Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evid... Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-7813 [HIGH] CVE-2017-7813: firefox - Inside the JavaScript parser, a cast of an integer to a narrower type can result... Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56. Scope: local sid: resolved (fixed in 56.0-1)

CVE-2017-7803 [HIGH] CVE-2017-7803: firefox - When a page's content security policy (CSP) header contains a "sandbox" directiv... When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-5454 [HIGH] CVE-2017-5454: firefox - A mechanism to bypass file system access protections in the sandbox to use the f... A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed i

CVE-2017-7783 [HIGH] CVE-2017-7783: firefox - If a long user name is used in a username/password combination in a site URL (su... If a long user name is used in a username/password combination in a site URL (such as " http://UserName:[email protected]"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)